Hackers Use False Flags to Deceive Security Experts and Victims

Malicious developers have changed tactics to deceive the security engineers and victims by modifying the flags of the dangerous payloads.

False Flags Are the Newest Tactic Developed by Hackers

False Flags are the newest malicious tactics that has been identified by security experts. This deception techniques modifies the flags of the timestamps, malware, language strings and other important meta data and elements of the payloads.

Experts from Kaspersky Labs identified the false flags that have been used by various malware variants:

  • Timestamps

The malware samples carry a timestamp that shows the time and date of compilation. If enough samples of the same type are collected, the security experts can determine the working hours. This analysis is used to estimate the time-zone of the malicious operators.

  • Language Flags

All malware include strings and debug paths which give information about the developer of the program. The most obvious clue is the language of choice. The debug paths can also reveal the user name of the hacker, the internal naming conventions for the project or the attack campaign. Also phishing documents can include meta data that saves state information that points to the developer’s actual computer. The hackers can manipulate the language markers to confuse security research.

  • Backend and Infrastrucutre Connections

The Command and Control (C&C) remote malicious servers can be used to locate the country of origin of the attackers. False flags can be used to create intentional connectivity failure to fool the security analysis of various malware.

  • Toolkit Contents – Code, Malware, Passwords and Exploits

The use of certain exploit toolkits can be used to identify the strategies and intentions of the malicious operators. The detection of a certain malware threat can help the security reseachers to reveal information about the location or the identity of the hackers.

  • Victims

Hackers can use long victim lists to deceive the actual targets in a large-scale attack.

Was this content helpful?

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *