Being a cybercriminal means being creative and coming up with new ways to breach a network. Usually, some innovation allows the breach of a system. However, while some of the actors out there are working on new ways to get into networks, others use time-tested methods.
In a new report by Kaspersky, it appears that cybercriminals are getting creative to get past the modern methods of security developed to keep them out.
Sometimes, they will use new methods, and other times, they will try to take some old school methods and put a spin on them to make them work in new ways.
Telecom companies in Europe are targeted
The security firm spotted an unknown hacker using a custom bootkit for an essential piece of hardware in modern PCs, UEFI. Kaspersky says that the bootkit is for UEFI and that the infection vector was part of a multi-stage framework called MosaicRegressor. It was not easy to remove.
Other criminals abused the Authenticode-signed Windows Defender binary by using steganography to access the approved Windows Defender program.
Kaspersky has spotted the attacks aimed at telecom companies in Europe. Most of the attackers have one goal in mind: to make their tools as hard to detect or remove as possible.
Old is gold
Prominent examples include MuddyWater APT and Dtrack RAT. However, while these actors innovate and develop new methods to get into networks, some of them are using old and low-tech infection chains with astonishing success.
DeathStalker, one of the mercenary groups out there, has been using the same attack method for three years now.
The scope of attacks gets more expansive every day, and continuous work must be done to stop new infection chains.