2023 Ransomware Flashcard Analysis and Overview

How Ransomware is Evading Common Cybersecurity Defenses

Cybersecurity architectures are diverse, composed of tools ranging from legacy to cutting-edge technologies. However, many organizations, from small businesses to service providers and enterprises, rely on this ‘triad’ of security tools to defend their network infrastructure. Here is a limited list of some new and common ways in which ransomware groups evade these defenses.

Email Security

Social Engineering

Social engineering attacks rely on psychological manipulation to coerce or incite users into divulging sensitive information or performing a particular action. For example, a spearphishing attack (Mitre: T1192) impersonates a trusted contact like a manager and leverages the fears and insecurities of a targeted individual to make them grant access to a sensitive system or click on a malicious link.

Obfuscation

Obfuscation (Mitre: T1027) is the practice of making malicious code or activities unclear, difficult to understand, and undetectable to email security. Attackers may obfuscate their phishing attempts by blending in with legitimate traffic or spoofing legitimate email addresses.

HTML Smuggling
HTML smuggling (Mitre: T1027.006) involves inserting malicious HTML and JavaScript code in an email, permitting communications that would typically not be allowed by email security. While the practice is not new and is fairly simple to prevent, it is still a common technique that end users fall victim to.

Cloud Phishing
Cloud phishing (Mitre: T1586.003) involves taking over cloud-based services like cloud storage, file sharing, or collaboration tools. The attackers can then use these formerly legitimate tools to host malicious files or data. Email security can then be tricked into thinking that a link is safe because it points to a reputable service.

Domain Spoofing
This practice (Mitre: T1105) involves setting up a website that impersonates a legitimate page. Often the attackers impersonate the login page of a trusted website, which is then used to capture passwords, personal information, or credit card details.
