Malware Obfuscation: Techniques, Definition & Detection - ExtraHop | ExtraHop (2024)

Though it is unclear when digital obfuscation started being developed seriously, we can point to a few milestones over the last 40 years. Much like early viruses, many early applications of obfuscation were not malicious.

1984 saw the creation of the International Obfuscated C Code Contest, which was the first competition in the world to see who could write the most obfuscated C program. Though it was more of an academic exercise to push the boundaries of obfuscation, it also revealed the power of obfuscation through many mind-boggling creations over the years.

Things picked up in the 1990s and 2000s as digital watermarks, a form of steganography, were used to identify copies of illegally distributed music and movies. This coincided with the passing of the Digital Millennium Copyright Act (DMCA) in 1998, which was used by the music and movie industries to combat piracy.

The early 2000s also saw the first instances of obfuscated malware. In 2005, the PoisonIvy remote access trojan (RAT) hid part of its code to evade signature-based detection tools. Another RAT, Hydraq, used spaghetti code in 2009 as a means of obfuscation: it rearranged code blocks so that the code could not be followed linearly, then used jump instructions to execute them in the right order.

Notably, the MITRE ATT&CK entry on obfuscated files or information is relatively new, having only been created on 31 May 2017. Few procedure examples in its database were found before 2015, indicating an explosion of interest around obfuscation in recent years.

More recently, we see signs of maturation and commercialization in the marketplace. In 2020, researchers found a number of vendors providing obfuscation-as-a-service for Android applications, with prices starting at $20 per APK. Impressively, this off-the-shelf service reduced payload detection rates by nearly 50%.

FAQs

What are the obfuscation techniques for malware?

Compression, encryption, and encoding are some of the most common obfuscation methods used by threat actors. Multiple methods are often used in tandem to evade a wider variety of cybersecurity tools at the initial point of intrusion.

What are the techniques of obfuscation?

Three of the most common techniques used to obfuscate data are encryption, tokenization, and data masking. Encryption, tokenization, and data masking work in different ways. Encryption and tokenization are reversible in that the original values can be derived from the obfuscated data.

What are malware detection techniques?

Signature-based detection (SBD)

Signature-based detection works by identifying malware through unique identifiers, known as signatures, comparing them against an existing malware database, and eliminating the malware before it infiltrates a system.

What are two techniques that malware can use to avoid detection?

Packers and Crypters: Packers and crypters are techniques used in malware to evade signature-based detection. Packers are tools that compress and encrypt the malware's code, creating a new executable that must run a specific unpacking routine before the original malicious code is revealed.

What is an example of obfuscation?

Within the illegal drug trade, obfuscation is commonly used in communication to hide the occurrence of drug trafficking. A common spoken example is "420", used as a code word for cannabis, a drug which, despite some recent prominent decriminalization changes, remains illegal in most places.

What are the 3 methods for protecting your device from malware?

Antivirus software, antispyware software, and firewalls are also important tools to thwart attacks on your device.
  • Keep up-to-date. ...
  • Antivirus software. ...
  • Antispyware software. ...
  • Firewalls. ...
  • Choose strong passwords. ...
  • Use stronger authentication. ...
  • Be careful what you click. ...
  • Shop safely.

How to make your code unreadable?

A tool called an obfuscator will automatically convert straightforward source code into a program that works the same way, but is more difficult to read and understand. Unfortunately, malicious code writers also use these methods to prevent their attack mechanisms from being detected by antimalware tools.

How do attackers use obfuscation?

In the case of "bad" obfuscation, hackers combine various techniques to hide malware and create multiple layers of disguise. One of these techniques is packers. These are software packages that compress malware to hide its presence and make the original code unreadable.

What are the best practices for obfuscation?

Prefer using irreversible data obfuscation techniques

Hiding information is pointless if whoever obtains it can reverse the process and recover the original using a key or a tool. So, it's best to adopt irreversible methods of data obfuscation like data masking or data anonymization.

How to detect hidden malware?

How To Know if You Have Malware

Your device may be infected if it:
  1. suddenly slows down, crashes, or displays repeated error messages.
  2. won't shut down or restart.
  3. won't let you remove software.
  4. serves up lots of pop-ups, inappropriate ads, or ads that interfere with page content.
  5. shows ads in places you typically wouldn't see them, like government websites.

How do you know if you have malware on your phone?

Find more signs of malware
  1. Alerts about a virus or an infected device.
  2. Anti-virus software you use no longer works or runs.
  3. A significant decrease in your device's operating speed.
  4. A significant, unexpected decrease in storage space on your device.
  5. Your device stops working properly or working altogether.

How can I scan my device for malware?

Check for Android malware using Play Protect
  1. Open the Play Store on the Android device you want to scan.
  2. Tap on your profile in the upper-right corner.
  3. Tap on Play Protect.
  4. Tap Scan.
  5. Tap on the option to remove any detected malware.

What is the most effective defense against malware?

How to prevent malware
  • Keep your computer and software updated. ...
  • Use a non-administrator account whenever possible. ...
  • Think twice before clicking links or downloading anything. ...
  • Be careful about opening email attachments or images. ...
  • Don't trust pop-up windows that ask you to download software. ...
  • Limit your file-sharing.

What is a type of malware that is so difficult to detect?

Fileless Malware

Because the operating system recognizes the edited files as legitimate, a fileless attack is not caught by antivirus software — and because these attacks are stealthy, they are up to ten times more successful than traditional malware attacks.

What is the type of malware that tricks?

Trojans. A Trojan (or Trojan Horse) disguises itself as legitimate software to trick you into executing malicious software on your computer. Because it looks trustworthy, users download it, inadvertently allowing malware onto their device.

What are three tools that can be used in the data obfuscation process?

Data masking, encryption, and tokenization are three common data obfuscation techniques. Each type has strengths in protecting against destructive malware. Familiarizing yourself with data obfuscation techniques will help you protect your sensitive data—and educate you in case obfuscation is used against you.

What is the method of concealing malware?

Encryption: This approach encrypts the virus code, which remains concealed until runtime, when the malware decrypts itself. Various encryption methods can be used, making it impossible to determine the malware's true code without running it.

Which tool is used to handle packed and obfuscated malware?

The best (and quickest) way to unpack packed malware is to use a tool. Exeinfo PE is one such tool: it analyzes the code to determine whether it has been packed and can often identify the packer used as well. UPX is a commonly used packer that also includes an unpacking option.
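The two detection ideas this FAQ touches on, signature matching for a known packer and the high-entropy heuristic that compressed or encrypted payloads trigger, as a small defender-side example added here (not code from ExtraHop, Exeinfo PE or UPX). The byte buffers are constructed stand-ins rather than real executables: chained SHA-256 digests play the role of an encrypted payload, and the marker strings are the UPX0/UPX1 section names and "UPX!" tag that UPX writes into packed files.

```python
import hashlib
import math
from collections import Counter

# Section names and header tag that UPX writes into packed executables.
# A tiny signature list for this example; a real scanner carries many more.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")

# Compressed or encrypted data approaches 8 bits of entropy per byte, while
# ordinary code and text sit well below that. 7.0 is a common rule-of-thumb cutoff.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> dict:
    """Signature check for packer markers plus the entropy heuristic.

    Either condition alone marks the blob as worth a closer look: markers
    catch known packers such as UPX, entropy catches unknown packers and
    encrypted payloads that carry no recognizable marker at all.
    """
    markers = [m.decode() for m in UPX_MARKERS if m in data]
    entropy = shannon_entropy(data)
    return {
        "entropy": round(entropy, 2),
        "packer_markers": markers,
        "suspicious": bool(markers) or entropy >= ENTROPY_THRESHOLD,
    }


# Constructed samples (not real executables), prefixed with the "MZ" magic.
PLAIN = b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 40
# Chained SHA-256 digests stand in for an encrypted payload: statistically
# uniform bytes with no repeating structure, just like ciphertext.
ENCRYPTED = b"MZ" + b"".join(
    hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128)
)
# Low entropy but carries UPX section names, so the signature check fires.
UPX_LIKE = b"MZ" + b"UPX0" + b"\x00" * 60 + b"UPX1" + b"\x00" * 60

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("encrypted", ENCRYPTED), ("upx_like", UPX_LIKE)):
        print(f"{name:10s} {classify(blob)}")
```

The plain buffer stays below the threshold, the encrypted stand-in trips the entropy heuristic with no marker at all, and the UPX-like buffer is flagged by its section names despite being almost entirely zero bytes.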

Article information

Author: Tyson Zemlak
