Is Dynamic Analysis Enough to Stop Evasive Malware Attacks?
 

If you've been following industry news, you often hear about major malware infections and their impact, but rarely do you learn why these attacks were successful in the first place.

While a portion of malware is stopped by anti-virus and next-gen solutions, cybercriminals are turning to the art of evasion to ensure infection.

Just how evasive is malware today? We have conducted extensive testing and evaluation of malware in the last year, and uncovered some extremely brilliant techniques attackers are using to fingerprint and differentiate a user from a machine, or a sandbox from a human.

Attackers have implemented these techniques for their malware campaigns over the last year, usually utilizing more than one technique every time, and up to 40 different techniques in the same malware.

Evasive Tactics Abound in Malware Cases

Such malware has passed through several prior stages of automated analysis and has still not been definitively categorized as benign or malicious.

We discovered that over 98% of malware making it to the sandbox array uses at least one evasive tactic, and that 32% of malware samples making it to this stage were what we could classify as extremely evasive, layering on six or more detection evasion techniques.

We were able to discover unique tools in the attacker’s arsenal, used to craft very effective evasion technologies that can be tailored to almost every case and every sandboxing solution.

In essence, what was considered to be a complicated mix of malware development and evasion research—which is mostly attributed to highly-targeted attacks—has turned out to be a rather easy use of existing tools with minimal complexity and high efficiency.

How exactly are attackers leveraging technologies and tools to evade dynamic analysis? How can you tackle evasive malware by using your existing controls? We believe that by tweaking and tuning your solutions, you can get the most out of your sandbox. By understanding the pros and cons of the technology, you would be able to better assess your existing layers of defense.

Want to Learn More? Find us at Infosecurity Europe

If you are attending Infosecurity Europe in London from June 4-6, I’ll be talking more about this topic in a session on June 5 titled: Evasive Malware: How Attackers Bypass Dynamic Analysis.

In this talk, I’ll describe and showcase high-level, low-level, known and unknown techniques for malware authors to evade and bypass current advanced network-based anti-malware engines and similar other anti-malware solutions.

I’ll share live examples and talk about the techniques leveraged by attackers to create uniquely stealthy malware. You’ll come away with a better understanding of how these attacks works, and how to apply additional policies and tweaks to enhance their solutions at the gateway.

Reserve your time to discuss your email security and cyber resilience plans at Infosecurity Europe here.