Malware evades defenses during attacks: FireEye Report
FireEye has released a report revealing several techniques used by advanced malware to avoid signature-based defenses during attacks. The report, titled "Hot Knives through Butter: How Malware Evades Automated File-based Sandboxes", also leverages multi-flow analysis to detect the latest evasion methods. It outlines the methodologies malware authors are using to evade file-based sandboxes.
"In today’s threat landscape, traditional sandboxes no longer offer a silver bullet against sophisticated attackers. Malware is increasingly able to determine when it is running in a virtual environment and alter its behaviour to avoid detection. Effective detection requires analyzing the context of behaviour and correlating disparate phases of an attack through multi-flow analysis, which is how our researchers identified the malware samples outlined in this paper," said Zheng Bu, Senior Director of Research and co-author of the report.
The FireEye Labs research team leveraged the company's Multi-Vector Virtual Execution (MVX) engine's signature-less, dynamic, real-time detection capability to identify new evasion techniques.
Understanding the techniques malware authors are using to evade detection from file-based sandboxes will allow security professionals to better identify the potential for an Advanced Persistent Threat (APT) attack.