Malware authors are evolving as quickly as the AV and security vendors are.


If you've been following industry news, you often hear about major malware infections and their impact, but rarely do you learn why these attacks were successful in the first place.

While a portion of malware is stopped by anti-virus and next-gen solutions, cybercriminals are turning to the art of evasion to ensure infection.

Just how evasive is malware today? We have conducted extensive testing and evaluation of malware in the last year, and uncovered some extremely brilliant techniques attackers are using to fingerprint and differentiate a user from a machine, or a sandbox from a human.

Attackers have implemented these techniques for their malware campaigns over the last year, usually utilizing more than one technique every time, and up to 40 different techniques in the same malware.

Evasive Tactics Abound in Malware Cases

Such malware has passed through several prior stages of automated analysis and has still not been definitively categorized as benign or malicious.

We discovered that over 98% of malware making it to the sandbox array uses at least one evasive tactic, and that 32% of malware samples making it to this stage were what we could classify as extremely evasive, layering on six or more detection evasion techniques.

We were able to discover unique tools in the attacker’s arsenal, used to craft very effective evasion technologies that can be tailored to almost every case and every sandboxing solution.

In essence, what was considered to be a complicated mix of malware development and evasion research—which is mostly attributed to highly-targeted attacks—has turned out to be a rather easy use of existing tools with minimal complexity and high efficiency.

How exactly are attackers leveraging technologies and tools to evade dynamic analysis? How can you tackle evasive malware by using your existing controls? We believe that by tweaking and tuning your solutions, you can get the most out of your sandbox. By understanding the pros and cons of the technology, you would be able to better assess your existing layers of defense.

Want to Learn More? Find us at Infosecurity Europe

If you are attending Infosecurity Europe in London from June 4-6, I’ll be talking more about this topic in a session on June 5 titled: Evasive Malware: How Attackers Bypass Dynamic Analysis.

In this talk, I’ll describe and showcase high-level, low-level, known and unknown techniques for malware authors to evade and bypass current advanced network-based anti-malware engines and similar other anti-malware solutions.

I’ll share live examples and talk about the techniques leveraged by attackers to create uniquely stealthy malware. You’ll come away with a better understanding of how these attacks works, and how to apply additional policies and tweaks to enhance their solutions at the gateway.

Learn more here.

Reserve your time to discuss your email security and cyber resilience plans at Infosecurity Europe here.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

The Return of the Equation Editor Exploit – DIFAT Overflow

The latest from Mimecast Research Labs. …

The latest from Mimecast Research Labs. Summary In the last… Read More >

Meni Farjon

by Meni Farjon

Chief Scientist for Advanced Threat Detection

Posted Mar 01, 2019

March Email Security Risk Assessment Report: A Focus on Office 365

What Office 365 misses may surprise you.…

What Office 365 misses may surprise you. With this blog I a… Read More >

Matthew Gardiner

by Matthew Gardiner

Principal Security Strategist

Posted Mar 04, 2019

DNSpionage Demystified

Espionage is the subject of more novels …

Espionage is the subject of more novels and Hollywood films … Read More >

Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Apr 12, 2019