Malware Exploitation Techniques | Explained

Malware exploitation techniques describe the specific methods by which malware code infects a target host. Much modern malware uses fileless techniques to avoid detection by signature-based security software such as antivirus, IDS, IPS and EDR (Endpoint Detection and Response).


How do APTs and hackers use modern malware to operate?

Dropper and Downloader
Maintain Access
Strengthen Access
Action on objective
Concealment

Dropper

A dropper is malware designed to install or run other malware embedded in its payload on the infected host. It is a small helper program that facilitates the delivery and installation of malware. Droppers are likely to implement anti-forensic techniques to hinder detection and analysis.

Downloader

A downloader is a piece of code that connects to the internet to retrieve additional tools after the initial infection by a dropper. The dropper may itself act as a downloader. The tools a downloader fetches are often malicious and harmful to the system.

Shellcode

Shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. In other words, it is any lightweight code designed to run an exploit on the target, and it may take any code format from scripting languages to binary code. It is called shellcode because it typically starts a command shell from which the attacker can control the compromised system.

Code Injection

Code injection is an exploit technique that runs malicious code under the identity (process ID) of a legitimate process.

  • Masquerading: pretending to be someone else. A masquerade attack consists of a person imitating someone else's identity and using legitimate resources to carry out cybercrimes in the victim's name. This type of attack is primarily used to gain unauthorized access to the victim's machines or an organization's network.
  • DLL Injection/DLL Sideloading: a DLL (Dynamic Link Library) is a file containing code for commonly used program functions on the Windows OS. DLL sideloading is an increasingly popular attack method that takes advantage of how Microsoft Windows applications handle DLL files. In this attack the malware places a spoofed malicious DLL file in Windows' WinSxS directory so that the operating system loads it instead of the legitimate file.
  • Process Hollowing: the attacker removes some legitimate code in an executable file's process and replaces it with malicious code. Process hollowing is also likely to be combined with anti-forensic techniques to prevent detection and analysis by security applications and tools.
  • Living off the land: exploit techniques that use standard system tools and packages to perform intrusions. Only pre-installed software is used by the attacker and no additional executable binary is installed on the system, which is why this is also known as a fileless malware attack.
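Because living-off-the-land and fileless intrusions leave no new binary to scan, defenders look for them in process-creation telemetry instead: a pre-installed script host launched by a document-handling application, or an interpreter started with an encoded command line. The following is an added example, not code from the original post; the log layout (timestamp|parent|image|command line), the binary lists and the sample events are all constructed assumptions for illustration.

```python
"""Added example (not from the original post): flag living-off-the-land
activity in process-creation events. The pipe-separated field layout
(timestamp|parent image|image|command line) is an assumption, not any
product's real log format, and the sample events are constructed."""
import re
from dataclasses import dataclass

# Pre-installed Windows script hosts and interpreters that fileless
# intrusions reuse (assumption: a representative subset, not a full list).
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
# Applications that should rarely spawn a script host directly (assumption).
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}

# PowerShell accepts -e, -ec, -en, -enc or -encodedcommand followed by base64.
ENCODED_CMD = re.compile(r"\s-e(?:n(?:c(?:odedcommand)?)?|c)?\s+[A-Za-z0-9+/=]{20,}", re.IGNORECASE)


@dataclass
class ProcEvent:
    ts: str
    parent: str   # full path of the parent process image, lower-cased
    image: str    # full path of the created process image, lower-cased
    cmdline: str  # command line as logged (case preserved)


def basename(path: str) -> str:
    """Return the file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def parse_line(line: str) -> ProcEvent:
    """Parse one constructed-format event line into a ProcEvent."""
    ts, parent, image, cmdline = (f.strip() for f in line.split("|", 3))
    return ProcEvent(ts, parent.lower(), image.lower(), cmdline)


def assess(ev: ProcEvent) -> list:
    """Return a list of human-readable reasons the event looks suspicious."""
    findings = []
    img, par = basename(ev.image), basename(ev.parent)
    if img in SCRIPT_HOSTS and par in DOCUMENT_APPS:
        findings.append(f"document app {par} spawned script host {img}")
    if img == "powershell.exe" and ENCODED_CMD.search(ev.cmdline):
        findings.append("powershell launched with an encoded command")
    return findings


def scan(log_text: str) -> list:
    """Run assess() over every non-empty line; return (timestamp, image, reason) tuples."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        for reason in assess(ev):
            alerts.append((ev.ts, basename(ev.image), reason))
    return alerts


# Constructed sample telemetry. The encoded payload on the second line is
# just the harmless 'Get-Date' in UTF-16LE; the detector keys on the shape
# of the command line, not on what the payload does.
SAMPLE_LOG = """\
2024-05-01T10:02:11|C:\\Windows\\explorer.exe|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|"WINWORD.EXE" /n report.docx
2024-05-01T10:02:40|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -nop -w hidden -enc RwBlAHQALQBEAGEAdABlAA==
2024-05-01T10:03:05|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe notes.txt
2024-05-01T10:04:30|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe Get-Process
"""

if __name__ == "__main__":
    for ts, image, reason in scan(SAMPLE_LOG):
        print(f"{ts} {image}: {reason}")
```

Only the second event fires, and it fires twice: the parent-child pair (Word spawning PowerShell) and the encoded command line. The fourth event, PowerShell started interactively from cmd.exe with a plain command, is left alone, which is the point of pairing two weak signals rather than alerting on every PowerShell launch.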

Symptoms of Infection

Your computer might be infected if it begins to act strangely:

  • Hard drives, files, or applications are no longer accessible
  • Strange noises occur
  • Unusual error messages
  • Display looks strange
  • Jumbled printouts
  • Double file extensions are being displayed, such as textfile.txt.exe
  • New files and folders have been created or files and folders are missing/corrupted
  • System Restore will not function
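The double-extension symptom (textfile.txt.exe) is easy to check for mechanically, since Windows hides known extensions by default and the user sees only the decoy. The script below is an added example, not code from the original post; the extension sets, the sample file names and the demo() helper are assumptions constructed for this illustration.

```python
"""Added example (not part of the original post): find files whose names
carry a deceptive double extension such as textfile.txt.exe. The extension
sets and the sample names in demo() are constructed assumptions."""
import os
import tempfile
from pathlib import PurePath

# Extensions Windows will execute or run as a script (assumption: a representative subset).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta", ".ps1"}
# Extensions a user reads as a harmless document or media file (assumption).
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".mp3", ".zip"}


def is_deceptive_name(name: str) -> bool:
    """True when the real (last) extension is executable and the one before it is a decoy.

    Comparison is case-insensitive because Windows treats Invoice.PDF.scr
    and invoice.pdf.scr the same way."""
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    if len(suffixes) < 2:
        return False
    return suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS


def find_deceptive_files(root: str) -> list:
    """Walk a directory tree and return sorted paths of files with deceptive double extensions."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if is_deceptive_name(f):
                hits.append(os.path.join(dirpath, f))
    return sorted(hits)


def demo() -> list:
    """Create a scratch directory of constructed sample names, scan it, return the flagged names."""
    samples = ["report.docx", "textfile.txt.exe", "photo.jpg", "Invoice.PDF.scr", "archive.tar.gz"]
    with tempfile.TemporaryDirectory() as tmp:
        downloads = os.path.join(tmp, "downloads")
        os.makedirs(downloads)
        for s in samples:
            open(os.path.join(downloads, s), "w").close()  # empty files are enough for a name check
        return [os.path.basename(p) for p in find_deceptive_files(tmp)]


if __name__ == "__main__":
    for name in demo():
        print("suspicious:", name)
```

Note that archive.tar.gz has two extensions but is not flagged, because the final extension is not executable; the check is about an executable hiding behind a decoy, not about dots in a name. To scan a real folder, call find_deceptive_files() with the path of the user's Downloads or Desktop directory.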

How to Remove Malware from a System

  • Identify symptoms of a malware infection
  • Quarantine the infected systems
  • Disable System Restore (if using a Windows machine)
  • Remediate the infected system
  • Schedule automatic updates and scans
  • Enable System Restore and create a new restore point
  • Provide end user security awareness training
  • If a boot sector virus is suspected, reboot the computer from an external device and scan it
