Cyber Security – Looking at all things ‘Evil’
The world of cyber security can get a tad dry sometimes. Firewalls, encryption, vulnerabilities, patching – all super important of course. However, there’s a hidden layer where creativity and drama reign supreme: naming conventions.
In the spirit of cyber mischief, let’s take a peek into the ‘evil’ side of cyber security naming conventions.
All Things Evil!
- ‘Evil Twin’: A fake Wi-Fi hotspot masquerading as a real one. This malicious access point appears as a legitimate “twin” of a real network and tricks unsuspecting users into connecting to it. Once a user is connected, the attacker can intercept traffic, allowing them to grab sensitive information such as login credentials, or to launch various types of cyber attacks against the unsuspecting victim.
- ‘Evil Maid’: A type of attack targeting unattended devices in hotel rooms or other public spaces. The attacker requires physical access (like a hotel maid!) and is then able to physically install hidden malware – leaving you none the wiser. Real James Bond stuff.
- ‘Evil Grade’: An exploit kit that cyber criminals use to deliver malware through a compromised or poorly configured website, by tampering with update files or presenting fake requests and pages relating to software updates. Attackers can inject malware or malicious code into an update process, or trick users into downloading them as updates, essentially giving the attacker a backdoor into their system.
- ‘Evil Clicker’: Malware that automatically clicks online ads, generating revenue for the attacker. Evil Clicker infects devices through various means, such as phishing emails, and once installed, it operates stealthily in the background, continuously generating fake clicks while remaining undetected by the user. While it could be argued Evil Clicker is not entirely malicious, it’s still very unwanted.
- ‘Evil Cursor’: A type of user interface (UI) attack where the malware manipulates the behaviour of the cursor on a computer screen to perform unauthorised actions. It can be deployed through various avenues such as malicious websites, compromised software, or phishing emails, and can trick users into clicking on hidden elements on webpages, leading to unintended consequences such as unauthorised downloads and installations of other malware.
- ‘Evilution’: While not a specific attack method, it’s a play on words often used to capture the gradual progression of malware or malicious code over time, adapting to security measures and evolving its capabilities. ‘Evilution’ could be applied to various strategies, including polymorphism, encryption, and obfuscation – all designed to make malware more resilient, longer lasting and more challenging for security defences.
- ‘EvilCorp’: Refers to a large, well-funded and well-organised international cybercrime network with significant tooling and capability, which poses a significant threat to businesses and governments alike. EvilCorp was arguably most famous for releasing the Dridex malware (sometimes referred to as Cridex or Bugat), which targeted user banking credentials, and around 2019 the US government estimated thefts in the hundreds of millions of dollars. EvilCorp is still reputed to be highly active and effective in the ransomware space.
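
To make the ‘Evil Twin’ entry a little more concrete from the defender’s side, here is an added example (not from any product or tool) that checks Wi-Fi scan results against an inventory of an organisation’s own access points. The network name, BSSIDs, inventory format and scan data are all constructed assumptions.

```python
# Added example: flag scan results that advertise a managed SSID from an
# unexpected access point. All names and sample data here are constructed.

KNOWN_APS = {  # hypothetical inventory of the organisation's own access points
    "CorpWiFi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                 "security": "WPA2-Enterprise"},
}

SAMPLE_SCAN = [  # constructed scan results, not real captures
    {"ssid": "CorpWiFi", "bssid": "AA:BB:CC:00:00:01", "security": "WPA2-Enterprise"},
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:01", "security": "Open"},
    {"ssid": "CorpWiFi ", "bssid": "de:ad:be:ef:00:02", "security": "WPA2-Enterprise"},
    {"ssid": "CoffeeShop", "bssid": "12:34:56:78:9a:bc", "security": "WPA2-Personal"},
]


def find_evil_twin_candidates(scan, known_aps):
    """Return (ssid, bssid, reasons) for each suspicious scan entry."""
    # Map a normalised form of each managed SSID back to its exact name so
    # near-identical names (trailing space, different case) are also caught.
    normalised = {name.strip().casefold(): name for name in known_aps}
    findings = []
    for ap in scan:
        managed = normalised.get(ap["ssid"].strip().casefold())
        if managed is None:
            continue  # not one of our network names; out of scope
        expected = known_aps[managed]
        reasons = []
        if ap["ssid"] != managed:
            reasons.append("lookalike SSID")
        if ap["bssid"].lower() not in expected["bssids"]:
            reasons.append("unknown BSSID")
        if ap["security"] != expected["security"]:
            reasons.append("security mismatch")
        if reasons:
            findings.append((ap["ssid"], ap["bssid"].lower(), reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_evil_twin_candidates(SAMPLE_SCAN, KNOWN_APS):
        print(f"{ssid!r} from {bssid}: {', '.join(reasons)}")
```

A BSSID that matches the inventory is not proof that an access point is genuine, since BSSIDs can be copied, so treat a clean result as “nothing obviously wrong” and not as a guarantee.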