LabZero
Thread author
Hello everyone,
Lately we hear more and more often about advanced malware attacks, and in this thread I have gathered the main characteristics of these attacks.
Traditional security measures, for instance signature-based ones such as firewalls and antivirus, are no longer enough. They work against less sophisticated attacks but cannot do much against the new cyber criminals, who often (70-90% of cases) use malware that is unknown, obfuscated, and masked to be unrecognizable!
Here is a brief description of these very dangerous techniques, some recent, others less so.
Polymorphism: the ability of a malware to change continuously, to make digital-signature-based systems ineffective at detection.
Binary Retraining: same goal as the tactic above, reached by modifying the binary structure of the object while leaving the malicious functionality unchanged.
Recoding with Masking: the malicious executable object is hidden within commonly used file types, to push the unsuspecting user to run the malicious code. These are file types such as PDF or Microsoft Office files.
Malware Encapsulation: the malicious code is hidden by extending legitimate files commonly used by users. For example, a new version of a popular text editor or a game may hide dangers.
Multi-Flow Attacks: the attack is fragmented across multiple flows of information, so as to confound even modern sandboxing tools, which analyze objects individually. These items will be labeled as harmless, because each is only a part of the attack.
Multi-Vector Attacks: the attack is launched with a logic that integrates components inoculated on several vectors (web, mail, file) of the intrusion surface, in order to hide the activity from solutions that monitor only one vector (e.g. an e-mail gateway).
Escape from Sandbox: the malware code checks the environment in which it is executed, searching for signs of the monitoring typical of virtual environments (sandboxes), and remains harmless or non-operational to deceive these systems.
This is not an exhaustive list, but I hope to raise the level of concern over the choice of defense systems.
Regards.
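A defender-side check that follows from the "Recoding with Masking" point above (an executable dressed up as a PDF or Office file), added here as an example and not part of the original post. It compares a file's declared extension with the container type implied by its header bytes, flags a document-looking double extension, and looks for a VBA macro project inside an OOXML document. The magic-byte table and the sample files are constructed for this example; the `vbaProject.bin` member is a placeholder, not real macro content.

```python
"""Content-vs-extension check for inbound attachments.

Added example (not from the original thread): flags files whose declared
extension disagrees with their real header, executables hiding behind a
document-looking double extension, and OOXML documents carrying a VBA
macro project. All sample files below are constructed in memory.
"""
import io
import zipfile
from typing import Dict, List, Optional

# Header "magic" bytes -> container type. Only a handful of common formats.
MAGIC: Dict[bytes, str] = {
    b"%PDF-": "pdf",
    b"MZ": "pe",                                   # Windows EXE/DLL
    b"\x7fELF": "elf",
    b"PK\x03\x04": "zip",                          # also .docx/.xlsx/.pptx
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",    # legacy .doc/.xls/.ppt
}

# Declared extension -> container types that are legitimate for it.
EXPECTED: Dict[str, set] = {
    "pdf": {"pdf"},
    "docx": {"zip"}, "xlsx": {"zip"}, "pptx": {"zip"}, "docm": {"zip"},
    "doc": {"ole"}, "xls": {"ole"}, "ppt": {"ole"},
    "zip": {"zip"},
    "exe": {"pe"}, "dll": {"pe"}, "scr": {"pe"},
}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt"}
EXECUTABLE_EXTS = {"exe", "dll", "scr", "com", "bat", "js", "vbs"}
# Zip members that indicate a VBA project in Word/Excel/PowerPoint OOXML files.
MACRO_MEMBERS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def sniff(data: bytes) -> Optional[str]:
    """Return the container type implied by the file header, or None if unknown."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip) document contains a VBA macro project member."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False
    return any(m in names for m in MACRO_MEMBERS)


def classify(filename: str, data: bytes) -> List[str]:
    """Return the findings for one file; an empty list means nothing suspicious."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    findings: List[str] = []

    # Declared type and real header disagree (e.g. a PE header behind ".pdf").
    if ext in EXPECTED and kind is not None and kind not in EXPECTED[ext]:
        findings.append(f"content_mismatch:{ext}!={kind}")
    # "statement.pdf.exe": executable with a document extension in front of it.
    if ext in EXECUTABLE_EXTS and len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
        findings.append("double_extension")
    # Native executable under an extension we have no expectation for.
    if kind in ("pe", "elf") and ext not in EXPECTED:
        findings.append("executable_unknown_extension")
    # Office document that ships a macro project.
    if kind == "zip" and has_vba_project(data):
        findings.append("office_macro_present")
    return findings


def build_macro_docx() -> bytes:
    """Construct a minimal OOXML-shaped zip with a placeholder vbaProject.bin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder, not real VBA
    return buf.getvalue()


# Constructed sample attachments (names and bytes invented for this example).
SAMPLES: Dict[str, bytes] = {
    "quarterly_report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,           # PE header behind a .pdf name
    "statement.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,     # double extension
    "agenda.docx": build_macro_docx(),
    "notes.txt": b"plain text, nothing to sniff\n",
}


def scan(samples: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Run classify() over a batch of (name, bytes) pairs."""
    return {name: classify(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name:24s} {'OK' if not findings else ', '.join(findings)}")
```

Header sniffing only tells you what container a file really is, not whether it is malicious; its value is that a mismatch is cheap to compute at a mail or web gateway and is independent of signatures, so it still fires on a never-seen-before sample that relies on the user trusting the icon and extension.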