obfuscation

Hackers step up obfuscation attacks to break into IT networks

by | Jan 7, 2021 | IT Security

Cybercriminals are introducing obfuscation-as-a-service to enable novice hackers on the dark web to make hard-to-break infiltration into corporate networks.
Share to lead the transformation

In 2020, cyber-attacks reached a new scale, disrupting the business community and Information security professionals. Malware, phishing, denial of service attacks, DNS tunneling, SQL injection, and zero-day exploits have seen a massive explosion in every large organization. According to a report from antivirus, cloud, and endpoint security firm McAfee, since 2018, the cost of global cybercrime has reached over $1 trillion. If that wasn’t enough, the industry has noticed a new pattern of cybercriminals investing in plug-and-play obfuscation software-based toolkits to infect corporate networks for financial gains. (See: Top enterprise cybersecurity trends of 2020)

Obfuscation is a proven technology widely used by security professionals and coders to make the source code anonymous and incoherent. The technique helps businesses secure their critical data and prevent hackers from using reverse engineering techniques to discover an enterprise network’s vulnerability and launch attacks.

The recent cyber intrusion in the software  IT monitoring and management software company Solarwinds was executed by an obfuscated advanced persistent threat (APT) that mysteriously took nine months to discover. (See: SolarWinds hack: CISOs need to revisit cyber resilience?)

However, as usual, hackers appear to be a step ahead of network protectors. Call it money as a motive or an innovative mindset; cybercriminals always develop enterprising ways to infiltrate defenses. Obfuscation-as-a-service is one such recently exposed illegal business model developed by cybercriminals. Professional hackers try to make money from selling such techniques on subscription-based models to other hackers.

As-a-service model for orchestrating a hack

Those who trust that the as-a-service models are currently only transforming legitimate business models will probably live on a different planet. Over the past few years, cybercrime as a service model is swiftly making inroads into the dark-web. Professional fraudsters and cybercriminals use illegal platforms to sell cyberattack tools, procedures, services, and a host of software programs to evade detection and launch fully automated cyberattacks.

Obfuscation-as-a-service model is operating on similar lines. In 2020, many instances were discovered by cybersecurity monitoring agencies and solution providers where hackers provided automated obfuscation service and android pocket kits (APKs) on a subscription basis to fraudsters. In the wake of a growing remote workforce, most organizations are introducing workplace productivity apps that can be accessed quickly by employees through their mobile phones. As such cracking mobile applications, especially android, through obfuscation has become a prime focus area for cybercriminals.

The entire business of purchasing and selling obfuscation service happens through illegitimate darknet marketplaces, making it very challenging for governments and law-enforcement authorities to keep a consistent track. This new development of obfuscation-as-a-service is perturbing for enterprises with global footprints, which have a massive amount of data located on different clouds. This unlawful cybercrime service model can give a ready-to-launch platform to even newbie cybercriminals who regularly exploit weaker networks.

What’s the remedy?

To protect networks from obfuscation techniques or deobfuscate malicious codes launched by hackers, organizations need to ensure the uppermost security level that fills the unwanted gaps. Applying integrity controls, encrypting as much as possible, transforming program codes and making them unintelligible, inserting anti-debugging logic are some of the fields that should be strengthened.

While there is no perfect solution that can give full-proof code security, a host of commercial tools can be tested and implemented to make your security architectures robust.

Most importantly, in 2021, organizations and cybersecurity leaders should set-up quality budgets to train their in-house talents and develop innovative solutions to fortify their resilience levels and mitigate new-age obfuscation security threats.

MORE FROM BETTER WORLD

Climate Change: Javadekar takes charge

Climate Change: Javadekar takes charge

Prakash Javadekar today assumed charge as the Union Minister of Environment, Forest and Climate Change here today. He was greeted at the office at Paryavaran Bhawan by Environment Secretary Shri C K Mishra and other senior officials of the ministry. Babul Supriyo also assumed charge as Minister of State.

Briefing the media after assuming the charge, the Union Minister said it is like a home coming for him as he already served in the ministry for two years in the first term of NDA government. He stressed that we will strongly reinforce that this ministry is seen as a facilitator and not merely as a regulator. “Economic growth and environment protection should go simultaneously, and we need to work with an increased impetus towards that”, said Javadekar.

After assuming the charge, the Minister also held a meeting with the senior officers of the Ministry where he was briefed on the key initiatives and policy issues of the Ministry.

Infosys Foundation Opens Aarohan Awards 2019

Infosys Foundation Opens Aarohan Awards 2019

social-impact

The awards would recognize solutions that could positively impact the underprivileged in India. (Representative image)

Infosys Foundation, the philanthropic and CSR arm of Infosys, has announced the launch of the second edition of the Aarohan Social Innovation Awards. The award is aimed at accelerating innovation in the social sector. The Aarohan Social Innovation Awards 2019 seek to recognize and reward individuals, teams or NGOs developing unique solutions that have the potential to positively impact the underprivileged in India, at scale.

Speaking at the launch of the second edition of the awards, Infosys Foundation Chairperson Sudha Murty said, “The Aarohan Social Innovation Awards 2018 was a huge success. Infosys Foundation witnessed a very good response from social innovators across the country and eventually, 12 leading innovators were recognised and awarded. The overwhelming response we got last year, has reaffirmed my belief that there are innumerable innovators across India who are looking up to this platform to give wings to their passion by scaling their innovation and impacting millions of lives. With the second edition of the awards, we hope to discover these hidden social innovators across the country and help them scale the power of their social innovations”

The awards will accept submissions across six categories, namely, Healthcare, Rural Development, Destitute Care, Women’s Safety & Empowerment, Education & Sports, and Sustainability.

The submission process for the second edition of these awards commences on July 15, 2019 and will continue till September 30, 2019. Participants can submit entries describing their work in the form of videos that can be uploaded on the Aarohan Social Innovation Awards website. The entries must be of a fully functioning prototype, not just a concept, idea or mock up. Additionally, the project must not be an established commercial venture.

Aarohan Social Innovation Awards will also offer winners an opportunity for residential technical mentorship at the IIT Hyderabad campus for up to 12 weeks to help them further develop and scale their solutions.

A panel of distinguished judges will evaluate and select the winners whose submissions will be assessed on five broad criteria – application to a social problem or need, innovative use of technology, originality of ideas, ease of use and the quality of presentation. The jury will comprise Prof. Trilochan Sastry, former Dean, IIM Bangalore; Padma Shree Arvind Gupta, an Indian toy inventor and science expert; Prof. Anil Gupta, visiting faculty member, IIM Ahmedabad, a globally renowned scholar of grassroots innovations and founder of the Honey Bee Network; Prof. GVV Sharma, Faculty member of the Department of Electrical Engineering and Coordinator, Teaching Learning Centre, IIT Hyderabad; Sumit Virmani, Senior Vice President and Global Head – Marketing, Infosys, and Infosys Foundation Chairperson, renowned author and philanthropist Sudha Murty.

0 Comments