Elizabeth Leigh
FireEye has updated a report that outlines techniques some malware authors use to evade a network infrastructure’s traditional defenses.
The latest release of “Hot Knives Through Butter: Evading File-Based Sandboxes†adds four new stealth and evasion practices to the 11 already included in the August 2013 list, FireEye said Tuesday.
The report says sandboxes isolate, test, report and monitor suspect files but are not capable of contextual analysis, providing opportunities for advanced malware and persistent threats to go undetected.
“Today’s attackers have built techniques to bypass the use of virtualization and sandboxing in the enterprise for far longer than traditional security solutions have been designed to think about them,†said Abhishek Singh, senior staff research scientist engineer at FireEye and co-author of the report.
“Approaching security from the standpoint of monitoring activities without context around them is akin to navigating without a compass,†he added.
The new report focuses on:
- malware that takes advantage of the human element via mouse click, dialog box and other events
- configuration-centric attacks that utilize sleep calls, time triggers, process hiding, malicious downloaders and execution after reboot
- the environment-based route to compromising a system through embedded iframes in files and DLL loaders
- system-service lists, the VMX port and other VMware-specific evasion techniques
