Is Dynamic Analysis Enough to Stop Persistent Malware Attacks?
Malware authors are evolving as quickly as the AV and security vendors are.
If you follow industry news, you often hear about major malware infections and their impact, but rarely do you learn why those attacks succeeded in the first place.
While a portion of malware is stopped by anti-virus and next-gen solutions, cybercriminals are turning to the art of evasion to make sure the infection lands.
Just how evasive is malware today? Over the last year we conducted extensive testing and evaluation of malware samples and uncovered some extremely clever techniques attackers use to fingerprint the environment and tell a real user's machine apart from an analysis sandbox.
Attackers have deployed these techniques in their campaigns throughout the year, usually combining several in a single sample, and in some cases layering up to 40 different techniques in one piece of malware.
Evasive Tactics Abound in Malware Cases
Malware that reaches the sandbox array has already passed through several prior stages of automated analysis without being definitively classified as benign or malicious.
We found that over 98% of the malware reaching the sandbox array uses at least one evasive tactic, and that 32% of the samples reaching this stage could be classified as extremely evasive, layering six or more detection-evasion techniques.
We also identified unique tools in the attackers' arsenal for crafting highly effective evasion code that can be tailored to almost every case and every sandboxing solution.
In essence, what was considered a complicated mix of malware development and evasion research, mostly attributed to highly targeted attacks, turns out to be a rather easy use of existing tools: minimal complexity, high efficiency.
How exactly are attackers leveraging these tools to evade dynamic analysis? And how can you tackle evasive malware with the controls you already have? We believe that by tweaking and tuning your solutions you can get the most out of your sandbox, and that by understanding the pros and cons of the technology you will be better able to assess your existing layers of defense.
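The kind of layered sandbox fingerprinting described above, together with the sandbox settings that neutralise each check, as an added illustration (this is not Mimecast's code, nor code taken from any real sample). Each check is a pure function over a dict of environment facts, so it can be run against a constructed sandbox profile and a constructed workstation profile; `collect_facts()` gathers the same signals from the host it runs on (Linux-oriented, standard library only). The thresholds, process names and user-name hints are assumptions chosen for illustration, not figures from the research.

```python
"""Layered sandbox-fingerprinting checks of the kind evasive malware combines.

Added illustration, not Mimecast code and not from any real sample. Each check
is a pure function over a `facts` dict; collect_facts() fills that dict from
the live host. Thresholds are assumptions that describe a thinly provisioned
analysis VM, not figures taken from the article.
"""
import os
import socket
import time
import uuid

GiB = 1024 ** 3
# Well-known hypervisor MAC prefixes: VMware, VirtualBox, QEMU/KVM.
VM_MAC_PREFIXES = ("00:05:69", "00:0c:29", "00:1c:14", "00:50:56",
                   "08:00:27", "52:54:00")
# Guest agents and monitoring tools a sample may look for (assumed list).
ANALYSIS_PROCESSES = {"vboxservice", "vmtoolsd", "wireshark", "procmon",
                      "tcpdump", "strace", "x64dbg", "ollydbg"}
ANALYST_NAMES = ("sandbox", "malware", "virus", "analyst", "cuckoo")


def collect_facts(sleep_probe_s: float = 0.2) -> dict:
    """Best-effort collection of the fingerprinted signals from this host."""
    node = uuid.getnode()
    mac = ":".join(f"{(node >> (8 * i)) & 0xFF:02x}" for i in reversed(range(6)))
    try:
        ram = os.sysconf("SC_PHYS_PAGES") * os.sysconf("SC_PAGE_SIZE")
    except (AttributeError, ValueError, OSError):
        ram = None
    try:
        with open("/proc/uptime") as fh:
            uptime = float(fh.read().split()[0])
    except (OSError, ValueError):
        uptime = None
    procs = set()
    if os.path.isdir("/proc"):
        for pid in filter(str.isdigit, os.listdir("/proc")):
            try:
                with open(f"/proc/{pid}/comm") as fh:
                    procs.add(fh.read().strip().lower())
            except OSError:
                continue
    # Sandboxes often shorten sleeps to finish faster; a sleep that returns
    # well before the requested time is the tell-tale sign.
    start = time.monotonic()
    time.sleep(sleep_probe_s)
    sleep_ratio = (time.monotonic() - start) / sleep_probe_s
    return {
        "cpu_count": os.cpu_count() or 1, "ram_bytes": ram, "uptime_s": uptime,
        "mac": mac, "hostname": socket.gethostname().lower(),
        "username": (os.environ.get("USER") or os.environ.get("USERNAME") or "").lower(),
        "processes": procs, "sleep_ratio": sleep_ratio,
    }


def _num(facts, key):
    v = facts.get(key)
    return v if isinstance(v, (int, float)) else None


# (name, predicate, what a defender changes in the sandbox to defeat the check)
CHECKS = [
    ("few_cpus", lambda f: _num(f, "cpu_count") is not None and f["cpu_count"] < 2,
     "give analysis VMs at least two vCPUs"),
    ("low_ram", lambda f: _num(f, "ram_bytes") is not None and f["ram_bytes"] < 2 * GiB,
     "provision 4 GiB or more of RAM"),
    ("fresh_boot", lambda f: _num(f, "uptime_s") is not None and f["uptime_s"] < 600,
     "snapshot the VM after hours of uptime, not seconds"),
    ("vm_mac", lambda f: str(f.get("mac", "")).lower().startswith(VM_MAC_PREFIXES),
     "assign a non-hypervisor MAC prefix to the guest NIC"),
    ("analyst_identity",
     lambda f: any(n in f.get("username", "") + f.get("hostname", "") for n in ANALYST_NAMES),
     "use ordinary-looking user and host names"),
    ("analysis_tools", lambda f: bool(ANALYSIS_PROCESSES & set(f.get("processes", ()))),
     "hide or rename guest agents and monitoring tools"),
    ("sleep_skipped", lambda f: _num(f, "sleep_ratio") is not None and f["sleep_ratio"] < 0.5,
     "let sleeps elapse (and extend analysis time) instead of patching them out"),
]


def triggered_checks(facts: dict) -> list:
    """Names of the checks that fire; a sample layers several and bails on any hit."""
    return [name for name, pred, _ in CHECKS if pred(facts)]


def looks_like_sandbox(facts: dict, min_hits: int = 1) -> bool:
    """Malware-side decision: the simplest samples abort on a single hit."""
    return len(triggered_checks(facts)) >= min_hits


def tuning_advice(facts: dict) -> dict:
    """Defender-side view: which sandbox setting would have neutralised each hit."""
    hits = set(triggered_checks(facts))
    return {name: fix for name, _, fix in CHECKS if name in hits}


# Constructed profiles (not real telemetry): a thin analysis VM vs a workstation.
SANDBOX_FACTS = {
    "cpu_count": 1, "ram_bytes": 1 * GiB, "uptime_s": 42.0, "mac": "08:00:27:3a:9b:cd",
    "hostname": "cuckoo-win7", "username": "user", "sleep_ratio": 0.05,
    "processes": {"explorer.exe", "vboxservice", "python.exe"},
}
WORKSTATION_FACTS = {
    "cpu_count": 8, "ram_bytes": 16 * GiB, "uptime_s": 5 * 24 * 3600.0,
    "mac": "a4:bb:6d:12:34:56", "hostname": "lon-lt-0421", "username": "j.smith",
    "sleep_ratio": 1.02, "processes": {"explorer.exe", "outlook.exe", "teams.exe"},
}

if __name__ == "__main__":
    for label, facts in (("sandbox", SANDBOX_FACTS), ("workstation", WORKSTATION_FACTS)):
        hits = triggered_checks(facts)
        print(f"{label}: {len(hits)} check(s) fired -> {hits}")
        for name, fix in tuning_advice(facts).items():
            print(f"  tune: {name}: {fix}")
    print("this host:", triggered_checks(collect_facts()) or "no checks fired")
```

Running it on a real analysis VM is the useful part: every check that fires against `collect_facts()` is a setting the sandbox operator can change, and a sample that layers six or more such checks (the "extremely evasive" class above) only needs one of them to succeed before it stays dormant.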
Want to Learn More? Find us at Infosecurity Europe
If you are attending Infosecurity Europe in London from June 4-6, I’ll be talking more about this topic in a session on June 5 titled: Evasive Malware: How Attackers Bypass Dynamic Analysis.
In this talk, I'll describe and showcase high-level, low-level, known and unknown techniques malware authors use to evade and bypass current advanced network-based anti-malware engines and similar anti-malware solutions.
I'll share live examples and walk through the techniques attackers leverage to create uniquely stealthy malware. You'll come away with a better understanding of how these attacks work, and of the additional policies and tweaks that strengthen your solutions at the gateway.
Reserve your time to discuss your email security and cyber resilience plans at Infosecurity Europe here.