Attack Vectors
Preventing Evasion Attacks with Perception Point
Evasion techniques are as common as cybersecurity attacks themselves. Even the least sophisticated attackers are able to use them with great success. By simply using new file types, a chain of links, or “IF” mechanisms, they easily bypass existing solutions.
Until today, uncovering, identifying, and preventing such techniques was almost impossible – it took too much time, technology and money. Perception Point’s proprietary engines have changed this reality. See how below.
Defense Evasion Techniques:
No More Plain Attacks
The threat landscape of content-based attacks has undergone major shifts in every respect: volume, sophistication, and diversity. Not too long ago, the attacker would use simple files (including even executables) and links to reach end-users and create havoc. However, cybersecurity vendors have come up with several solutions to block such attempts, including using policies and blacklists.
The problem? Attackers have developed new ways to evade these mechanisms. For example, the attacker can host the malicious file in a cloud storage platform, such as OneDrive or Google Drive, and send a message with the link to the file. The link itself is clean, so the legacy solution would not block the message, and the end user will end up downloading the malicious content. Another example is the use of “Sleepers” – attackers insert internal stalling mechanisms that a sandbox can’t observe, ensuring the malicious payload will take action only when facing real end-users.
The Evasion Kill Chain
Step 1
Target Acquisition
The attacker gathers intelligence on the target, focusing on the cybersecurity technology used.
Step 2
Weaponize
Step 3
Grooming & Evasion
The attacker chooses the best evasion technique to bypass the target’s lines of defense.
Step 4
Delivery
Step 5
Execution
Our Evasion Detectors
Perception Point uses multiple static and dynamic-based algorithms to conduct deep content inspection, uncovering highly concealed attacks in less than a second.
RECURSIVE UNPACKER
Recursively scouts for files and URLs embedded within the email or attachments, extracts them, and scans them separately through our various detection engines. It is able to penetrate and uncover the most advanced hiding techniques.
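The recursive extraction idea described above, as an added sketch that is not Perception Point's code: it walks a message's MIME parts, descends into nested zip archives, and records every file hash and URL so each could be handed to a scanner separately. The function names, the limits, and the sample message are assumptions constructed for this illustration, and only zip containers are handled.

```python
import hashlib, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(rb"https?://[^\s\"'<>)]+")
MAX_DEPTH, MAX_MEMBER = 5, 10 * 1024 * 1024  # assumed nesting and size limits

def unpack(data, path, depth=0, out=None):
    """Collect (path, kind, value) for each file and URL under `data`."""
    out = [] if out is None else out
    if depth > MAX_DEPTH:
        out.append((path, "too-deep", ""))   # flag for review, do not recurse
        return out
    out.append((path, "file", hashlib.sha256(data).hexdigest()))
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in (m for m in zf.infolist() if not m.is_dir()):
                child = f"{path}/{info.filename}"
                if info.file_size > MAX_MEMBER:  # declared size, checked before reading
                    out.append((child, "oversize", str(info.file_size)))
                else:
                    unpack(zf.read(info), child, depth + 1, out)
    else:
        for url in sorted(set(URL_RE.findall(data))):
            out.append((path, "url", url.decode("ascii", "replace")))
    return out

def unpack_email(raw):  # unpack every leaf MIME part of a raw message
    out = []
    msg = message_from_bytes(raw, policy=policy.default)
    for i, part in enumerate(msg.walk()):
        if not part.is_multipart():
            name = part.get_filename() or f"part{i}"
            unpack(part.get_payload(decode=True) or b"", f"email/{name}", 0, out)
    return out

def make_zip(name, data):  # helper used only to build constructed samples
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def build_sample():  # constructed message: plain body plus a zip inside a zip
    msg = EmailMessage()
    msg.set_content("See https://example.test/a for the invoice")
    inner = make_zip("note.txt", b"open http://example.test/payload now")
    msg.add_attachment(make_zip("inner.zip", inner), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `unpack_email(build_sample())` returns the URL in the body and the one two archive layers down, each tagged with the path that led to it. Nesting beyond the depth limit is reported as `too-deep` instead of being followed.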