Sandbox evasion malware used for cyber espionage, new study shows
#1
Quote: Positive Technologies analysed 36 malware families containing sandbox detection and evasion capabilities that have been active in the last 10 years.
 
The company's findings show that 25% of that malware was active in 2019-2020, and that at least 23 APT groups around the world have used them in attacks.
 
As they traced the evolution of sandbox evasion and anti-analysis techniques, Positive Technologies experts observed that the same malware used different methods in different years to evade these tools.
 
Additionally, attackers would try to stack multiple techniques simultaneously.
 
If one method did not work and was thwarted by the sandbox, this malware would use other signs to determine whether it is running in a virtual environment and, if so, terminate itself to avoid discovery.
 
These techniques were most common in remote access tools (56% of the malware in question) and loaders (14%).
 
According to the analysis, the most common sandbox evasion techniques seen were Windows Management Instrumentation (WMI) queries (25% of malware), other environment checks (33%), and checking the list of running processes (19%).
Cyber espionage attacks have comprised 69% of the analysed malware.
 
Such attacks require staying invisible on the victim's system as long as possible, which is why malware developers look for ways to stealthily establish and maintain persistence, the analysts state. 
 
Malware developers often use obfuscation to frustrate attempts to analyse their code, the analysts state. As a result, it is increasingly difficult to perform static analysis of malicious files and match suspicious files with known signatures and hash sums.
 
Positive Technologies senior analyst Olga Zinenko explains, "This malware is used to perform reconnaissance and gather information about the target system.
"If attackers spot that the malware is running inside a virtual environment, such as a sandbox, they will not pursue this attack vector or download the payload. Instead, the malware goes dormant in order to maintain stealth."
 
Positive Technologies head of malware detection Alexey Vishnyakov says, "In recent years, malware developers have been trying especially hard to evade code analysers.
 
"Hackers do all they can to hide malicious functions from security researchers and avoid tripping any known indicators of compromise.
"Traditional defences may not be able to detect malicious programs. For detecting today's malware, we recommend analysing file behaviour in a secure sandbox environment.
"Using a sandbox enriches IOC databases and provides companies with information for improving cyber threat response."
 
Positive Technologies creates solutions for information security. This includes products and services to detect, verify, and neutralise real-world business risks associated with corporate IT infrastructure.
#2
It has been a while since I ran Sandboxie.
#3
Shadow Defender. I have a lifetime license that I won. Works very well for running software you don't want to run unsandboxed on your normal PC.