The growth of cybercrime in recent years is truly staggering. Cybercrime has become an increasingly lucrative and profitable business, and cybercriminals have realized that they can make more money with less risk of getting caught. As a result, hackers cover their tracks to maintain their foothold in a compromised system and to avoid detection by incident response or forensics teams. In this article at CSO, Ax Sharma explains a few ways in which cybercriminals cover their tracks.
Why Is It Difficult to Track Hackers?
Deleting logs is a straightforward process. A hacker uses one of numerous programs to remove the individual log entries relating to their presence. For example, after exploiting a network host with Metasploit, the hacker opens the Meterpreter command prompt and runs the ‘clearev’ script to clear the event logs on the Windows machine. The logs can also be cleared using the clearlog.exe file. After deleting the logs, the hacker removes clearlog.exe so that its presence does not raise suspicion.
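A log clear is itself a logged event: Windows writes Event ID 1102 ("The audit log was cleared") to the Security log and Event ID 104 to the System log after the log is emptied, so those records survive the wipe and are the first thing to hunt for. The following Python is an added example (not code from the CSO article or its author) that scans an exported event stream for those two IDs and flags clears performed by accounts outside an approved maintenance set. The key=value export format and the sample events are constructed for this example; adapt the regex to whatever your SIEM or Get-WinEvent export produces.

```python
import re

# Event IDs Windows itself records when an event log is cleared. They are
# written *after* the log is emptied, so they survive the clear:
#   1102  Security channel, "The audit log was cleared"    (Microsoft-Windows-Security-Auditing)
#   104   System channel,   "The ... log file was cleared"  (Microsoft-Windows-Eventlog)
LOG_CLEAR_EVENT_IDS = {
    1102: "Security audit log was cleared",
    104: "System or Application log file was cleared",
}

# Constructed key=value export format used only for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+channel=(?P<channel>\S+)\s+"
    r"event_id=(?P<event_id>\d+)\s+user=(?P<user>\S+)"
)


def parse_event(line):
    """Parse one exported event line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["event_id"] = int(rec["event_id"])
    return rec


def find_log_clearing(lines, approved_admins=frozenset()):
    """Return every log-clearing event found in `lines`.

    Each hit carries a `reason` and an `unexpected_user` flag: a clear by an
    account outside `approved_admins` (a known backup or maintenance account)
    deserves immediate triage.
    """
    hits = []
    for line in lines:
        rec = parse_event(line)
        if rec is None or rec["event_id"] not in LOG_CLEAR_EVENT_IDS:
            continue
        rec["reason"] = LOG_CLEAR_EVENT_IDS[rec["event_id"]]
        rec["unexpected_user"] = rec["user"] not in approved_admins
        hits.append(rec)
    return hits


# Constructed sample export (not real telemetry): ordinary activity on WS07,
# then a Security and a System log clear by a normal user account, and a
# scheduled clear on SRV01 by a maintenance account.
SAMPLE_EVENTS = [
    "2024-05-01T09:58:11Z host=WS07 channel=Security event_id=4624 user=jdoe",
    "2024-05-01T10:02:40Z host=WS07 channel=Security event_id=4688 user=jdoe",
    "2024-05-01T10:03:05Z host=WS07 channel=Security event_id=1102 user=jdoe",
    "2024-05-01T10:03:06Z host=WS07 channel=System event_id=104 user=jdoe",
    "2024-05-01T11:00:00Z host=SRV01 channel=Security event_id=1102 user=svc-backup",
    "2024-05-01T11:00:01Z host=SRV01 channel=Security event_id=4624 user=svc-backup",
]

if __name__ == "__main__":
    for hit in find_log_clearing(SAMPLE_EVENTS, approved_admins={"svc-backup"}):
        flag = "UNEXPECTED" if hit["unexpected_user"] else "approved account"
        print(f'{hit["ts"]} {hit["host"]} {hit["channel"]}: {hit["reason"]} by {hit["user"]} ({flag})')
```

The check only works if the events reach you: forward event logs to a collector or SIEM in near real time, because an attacker who clears the local log cannot un-send what was already shipped off the host.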
Using Signed Binaries
“The familiar concept of fileless malware using living-off-the-land binaries (LOLBINs) remains a valid evasion technique,” says Sharma. LOLBINs are legitimate, digitally signed executables that attackers misuse to launch malicious code with elevated privileges. Because the binaries themselves are trusted, hackers also use them to evade endpoint security products such as antivirus.
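Because a LOLBIN carries a valid Microsoft signature, signature checks cannot catch its misuse; detection has to look at context instead. The following Python is an added example (not code from the CSO article or its author) that classifies process-creation records using three generic heuristics: a LOLBIN whose command line references a remote URL or inline script protocol, a LOLBIN spawned by a document-handling application, and a LOLBIN running from outside the Windows system directories (a relocated copy still carries the signature). The record field names follow Sysmon's process-creation event (Image, CommandLine, ParentImage); the LOLBIN list is an illustrative subset and the sample records are constructed.

```python
import re
from pathlib import PureWindowsPath

# Signed Windows binaries commonly misused as LOLBINs (illustrative subset).
# Any of these running is normal; context is what makes an instance suspicious.
LOLBINS = {"certutil.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe", "msiexec.exe"}

# Directories where these binaries legitimately live.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# User-facing document handlers that have no business spawning system utilities.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}

# Remote content or inline script on the command line of a system utility.
REMOTE_OR_SCRIPT = re.compile(r"(https?://|javascript:|vbscript:)", re.I)


def basename(image_path):
    """Lower-cased file name of a Windows path, e.g. ...\\certutil.exe -> certutil.exe."""
    return PureWindowsPath(image_path).name.lower()


def classify_process(record):
    """Return the reasons this process-creation record looks like LOLBIN abuse (empty list = benign)."""
    image = basename(record["Image"])
    if image not in LOLBINS:
        return []
    reasons = []
    if REMOTE_OR_SCRIPT.search(record["CommandLine"]):
        reasons.append(f"{image} given a URL or inline script on its command line")
    parent = basename(record["ParentImage"])
    if parent in DOCUMENT_APPS:
        reasons.append(f"{image} spawned by document handler {parent}")
    parent_dir = str(PureWindowsPath(record["Image"]).parent).lower()
    if parent_dir not in SYSTEM_DIRS:
        reasons.append(f"{image} running from non-system path {parent_dir}")
    return reasons


def scan_process_events(records):
    """Return [(record, reasons)] for every record that classify_process flags."""
    flagged = []
    for rec in records:
        reasons = classify_process(rec)
        if reasons:
            flagged.append((rec, reasons))
    return flagged


# Constructed sample records (hostnames and paths are placeholders, not real telemetry).
SAMPLE_PROCESS_EVENTS = [
    {   # benign: an admin hashing a file from a console
        "Image": r"C:\Windows\System32\certutil.exe",
        "CommandLine": "certutil.exe -hashfile C:\\tools\\installer.msi SHA256",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {   # two reasons: remote content on the command line, launched from Word
        "Image": r"C:\Windows\System32\mshta.exe",
        "CommandLine": "mshta.exe http://placeholder.example/page.hta",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
    },
    {   # one reason: a signed copy of rundll32 executing from a user-writable folder
        "Image": r"C:\Users\Public\rundll32.exe",
        "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
]

if __name__ == "__main__":
    for rec, reasons in scan_process_events(SAMPLE_PROCESS_EVENTS):
        print(rec["Image"], "->", "; ".join(reasons))
```

These heuristics will produce false positives in environments with unusual software deployment, so baseline them against normal process telemetry before alerting on them; the value is in the combination of a trusted binary with an untrusted parent, argument or location.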
Hackers use many ways to hide files. For instance, they set the hidden attribute in a file’s properties menu; however, such hidden files are easily detected. Hackers also use steganography to hide a file within another file, such as an image or audio file, which is much harder to detect than a simple hidden file.
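The crudest form of hiding one file inside another is appending it after the end-of-image marker of a picture, which viewers silently ignore. That case is cheap to check during triage. The following Python is an added example (not code from the CSO article or its author): it locates the JPEG EOI marker or the PNG IEND chunk and reports how many bytes follow it. The sample images are constructed byte strings; the threshold allows for the few padding bytes some encoders legitimately append. It will not detect true LSB steganography, which changes pixel values rather than the file's structure.

```python
# Container start and end markers for the two formats handled here.
JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"
PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_IEND = b"\x00\x00\x00\x00IEND\xaeB`\x82"  # zero-length IEND chunk plus its fixed CRC


def appended_payload(data: bytes):
    """Return (container_format, trailing_byte_count).

    trailing_byte_count is the number of bytes after the container's end marker.
    None means the end marker was not found (truncated or corrupt file); the
    format is "unknown" for anything that is neither JPEG nor PNG.
    """
    if data.startswith(JPEG_SOI):
        # EXIF thumbnails carry their own FFD9, so take the *last* occurrence.
        # Caveat: a payload that itself contains FFD9 shortens the reported count.
        end = data.rfind(JPEG_EOI)
        if end == -1:
            return "jpeg", None
        return "jpeg", len(data) - (end + len(JPEG_EOI))
    if data.startswith(PNG_SIG):
        # A valid PNG ends at its first IEND chunk; anything after it is foreign.
        end = data.find(PNG_IEND)
        if end == -1:
            return "png", None
        return "png", len(data) - (end + len(PNG_IEND))
    return "unknown", None


def is_suspicious(data: bytes, threshold: int = 64) -> bool:
    """True when more than `threshold` bytes follow the image's end marker."""
    _fmt, trailing = appended_payload(data)
    return trailing is not None and trailing > threshold


# Constructed samples (not real files): a minimal JPEG with one APP0 segment,
# the same JPEG with 204 bytes appended, a minimal PNG, and a PNG with two
# padding bytes. Chunk CRCs are placeholders; the detector does not validate them.
CLEAN_JPEG = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00" + JPEG_EOI
STUFFED_JPEG = CLEAN_JPEG + b"PK\x03\x04" + b"\x00" * 200
CLEAN_PNG = PNG_SIG + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 13 + b"\x00\x00\x00\x00" + PNG_IEND
PADDED_PNG = CLEAN_PNG + b"\x00\x00"

if __name__ == "__main__":
    for name, blob in [("clean.jpg", CLEAN_JPEG), ("stuffed.jpg", STUFFED_JPEG),
                       ("clean.png", CLEAN_PNG), ("padded.png", PADDED_PNG)]:
        print(name, appended_payload(blob), "suspicious" if is_suspicious(blob) else "ok")
```

Run it over a directory of images from a suspect host and sort by trailing byte count; large appended blobs, especially ones that start with another file's magic bytes, warrant carving out and examining.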
Using Common Channels
Attackers mask their footsteps by using the encrypted channels, ports, and protocols that legitimate applications already use. They also install reverse HTTP shells on victims’ computers, which send communications out to the attacker’s server, and they design these reverse shells so that the compromised device keeps reaching back for commands. Firewalls see this as benign HTTP traffic on the network and allow the communication between the devices, so attackers can pull information out of the system without leaving an obvious footprint behind.
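A reverse shell that keeps reaching back for commands looks like ordinary HTTP to a firewall, but its timing does not: it polls on a fixed interval, while a person browsing does not. The following Python is an added example (not code from the CSO article or its author) of the classic beaconing check run over proxy log lines. It groups requests by (source IP, destination host), computes the gaps between consecutive requests, and flags pairs whose coefficient of variation is low, which means the gaps are nearly identical. The log format, hostnames and addresses are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev


def parse_proxy_line(line):
    """Parse a constructed proxy log line: timestamp src_ip dst_host method status bytes."""
    ts, src, dst, method, status, nbytes = line.split()
    return {
        "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "src": src, "dst": dst, "method": method,
        "status": int(status), "bytes": int(nbytes),
    }


def beacon_candidates(lines, min_hits=6, max_cv=0.1):
    """Return {(src, dst): stats} for pairs whose request timing looks machine-regular.

    A pair is reported when it has at least `min_hits` requests and the
    coefficient of variation (stdev / mean) of the gaps between requests is at
    most `max_cv`. Human browsing produces bursts and long pauses (high CV);
    a polling implant produces near-constant gaps (low CV).
    """
    by_pair = defaultdict(list)
    for line in lines:
        rec = parse_proxy_line(line)
        by_pair[(rec["src"], rec["dst"])].append(rec["ts"])

    results = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(stamps, stamps[1:])]
        mu = mean(gaps)
        if mu <= 0:
            continue  # all requests in the same second: a burst, not a beacon
        cv = pstdev(gaps) / mu
        if cv <= max_cv:
            results[pair] = {"hits": len(stamps), "mean_interval_s": round(mu, 1), "cv": round(cv, 3)}
    return results


# Constructed sample log (not real traffic). 10.0.0.5 polls one host roughly
# every 60 s with small jitter; 10.0.0.7 browses a news site irregularly.
SAMPLE_PROXY_LOG = [
    "2024-05-01T10:00:00Z 10.0.0.5 cdn-updates.example GET 200 512",
    "2024-05-01T10:01:01Z 10.0.0.5 cdn-updates.example GET 200 512",
    "2024-05-01T10:01:59Z 10.0.0.5 cdn-updates.example GET 200 512",
    "2024-05-01T10:03:01Z 10.0.0.5 cdn-updates.example GET 200 512",
    "2024-05-01T10:03:59Z 10.0.0.5 cdn-updates.example GET 200 512",
    "2024-05-01T10:05:01Z 10.0.0.5 cdn-updates.example GET 200 512",
    "2024-05-01T10:05:59Z 10.0.0.5 cdn-updates.example GET 200 512",
    "2024-05-01T10:07:00Z 10.0.0.5 cdn-updates.example GET 200 512",
    "2024-05-01T10:00:05Z 10.0.0.7 news.example GET 200 48211",
    "2024-05-01T10:00:09Z 10.0.0.7 news.example GET 200 9023",
    "2024-05-01T10:02:40Z 10.0.0.7 news.example GET 200 31877",
    "2024-05-01T10:15:12Z 10.0.0.7 news.example GET 200 27410",
    "2024-05-01T10:15:13Z 10.0.0.7 news.example GET 304 0",
    "2024-05-01T10:31:00Z 10.0.0.7 news.example GET 200 52190",
]

if __name__ == "__main__":
    for (src, dst), stats in beacon_candidates(SAMPLE_PROXY_LOG).items():
        print(f"{src} -> {dst}: {stats}")
```

Legitimate software updaters and telemetry agents also beacon, so the output is a hunting list rather than an alert: review the destination reputation, the constant request size, and the user agent before escalating. Implants that add random jitter raise the CV, which is why this check is paired with other signals in practice.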
To read the original article, click on https://www.csoonline.com/article/3617983/5-ways-hackers-hide-their-tracks.html.