Security news aggregator

Latest coverage for Evasion

Stay ahead of threats with the latest on evasion techniques in infosec. Insights on how attackers bypass defenses and updates on countermeasures.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Evasion is the deliberate concealment or modification of malicious code, commands, traffic, or behavior to bypass security controls and avoid detection. Common examples include code obfuscation, encrypted or rapidly changing payloads, abuse of trusted system tools, and disguising command-and-control traffic as ordinary network activity. It can target antivirus signatures, email and web filters, endpoint monitoring, or analysts investigating suspicious activity.

Successful evasion can reduce visibility, delay detection, and allow unauthorized activity to continue, although it may still leave behavioral or operational evidence. Mitigation should combine signature detection with behavior-based analytics and reliable endpoint, identity, and network telemetry. Restricting unnecessary scripting and administrative tools, applying application controls, and protecting centralized logs make abuse harder and preserve evidence. During investigations, examine process ancestry, unusual tool use, persistence changes, and deviations from expected user or host behavior rather than relying solely on file hashes or other easily changed indicators.

Volume over time

Weekly headline count for the current query.

Showing 5 most recent headlines Filtered view
Krebs on Security 5 months, 1 week ago

Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.

Krebs on Security 8 months, 2 weeks ago

Aisuru Botnet Shifts from DDoS to Residential Proxies

Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts says a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.

Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.

Krebs on Security 4 years, 4 months ago

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies, what it was like on a typical day at the Conti office, and how Conti secured the digital weaponry used in their attacks. This final post on the Conti conversations explores different schemes that Conti pursued to invest in and steal cryptocurrencies.

Krebs on Security 4 years, 4 months ago

Conti Ransomware Group Diaries, Part I: Evasion

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees. The records also provide insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments.