In 2020, cyber-attacks reached a new scale, disrupting the business community and Information security professionals. Malware, phishing, denial of service attacks, DNS tunneling, SQL injection, and zero-day exploits have seen a massive explosion in every large organization. According to a report from antivirus, cloud, and endpoint security firm McAfee, since 2018, the cost of global cybercrime has reached over $1 trillion. If that wasn’t enough, the industry has noticed a new pattern of cybercriminals investing in plug-and-play obfuscation software-based toolkits to infect corporate networks for financial gains. (See: Top enterprise cybersecurity trends of 2020)
Obfuscation is a proven technology widely used by security professionals and coders to make the source code anonymous and incoherent. The technique helps businesses secure their critical data and prevent hackers from using reverse engineering techniques to discover an enterprise network’s vulnerability and launch attacks.
The recent cyber intrusion in the software IT monitoring and management software company Solarwinds was executed by an obfuscated advanced persistent threat (APT) that mysteriously took nine months to discover. (See: SolarWinds hack: CISOs need to revisit cyber resilience?)
However, as usual, hackers appear to be a step ahead of network protectors. Call it money as a motive or an innovative mindset; cybercriminals always develop enterprising ways to infiltrate defenses. Obfuscation-as-a-service is one such recently exposed illegal business model developed by cybercriminals. Professional hackers try to make money from selling such techniques on subscription-based models to other hackers.
As-a-service model for orchestrating a hack
Those who trust that the as-a-service models are currently only transforming legitimate business models will probably live on a different planet. Over the past few years, cybercrime as a service model is swiftly making inroads into the dark-web. Professional fraudsters and cybercriminals use illegal platforms to sell cyberattack tools, procedures, services, and a host of software programs to evade detection and launch fully automated cyberattacks.
Obfuscation-as-a-service model is operating on similar lines. In 2020, many instances were discovered by cybersecurity monitoring agencies and solution providers where hackers provided automated obfuscation service and android pocket kits (APKs) on a subscription basis to fraudsters. In the wake of a growing remote workforce, most organizations are introducing workplace productivity apps that can be accessed quickly by employees through their mobile phones. As such cracking mobile applications, especially android, through obfuscation has become a prime focus area for cybercriminals.
The entire business of purchasing and selling obfuscation service happens through illegitimate darknet marketplaces, making it very challenging for governments and law-enforcement authorities to keep a consistent track. This new development of obfuscation-as-a-service is perturbing for enterprises with global footprints, which have a massive amount of data located on different clouds. This unlawful cybercrime service model can give a ready-to-launch platform to even newbie cybercriminals who regularly exploit weaker networks.
What’s the remedy?
To protect networks from obfuscation techniques or deobfuscate malicious codes launched by hackers, organizations need to ensure the uppermost security level that fills the unwanted gaps. Applying integrity controls, encrypting as much as possible, transforming program codes and making them unintelligible, inserting anti-debugging logic are some of the fields that should be strengthened.
While there is no perfect solution that can give full-proof code security, a host of commercial tools can be tested and implemented to make your security architectures robust.
Most importantly, in 2021, organizations and cybersecurity leaders should set-up quality budgets to train their in-house talents and develop innovative solutions to fortify their resilience levels and mitigate new-age obfuscation security threats.