The Latest FireEye News
Product and Solution Information, Press Releases, Announcements
|FireEye Highlights Importance of Multi-flow Analysis in Detecting Advanced Malware With Latest Report|
|Posted: Tue Apr 08, 2014 02:27:27 PM|
Four New Techniques Uncovered for Malware to Evade Traditional, File-Based Sandboxing Technologies.
Milpitas, CA -- April 8, 2014 -- FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, today announced the release of “Hot Knives Through Butter: Evading File-based Sandboxes.” Drawing from data uncovered in observing thousands of advanced attacks that avoided detection by signature-based security solutions and file-based sandboxing solutions, “Hot Knives” provides a look at how important contextual analysis within a hardened hypervisor has become in fighting advanced attacks.
“Stealth and evasion represent the basic tools of the trade for advanced attackers, and security professionals need to stay on top of the latest techniques to avoid becoming the next headline,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “Today, sandboxes are becoming a standard in security — but not all sandboxes are built alike. Knowing how sandboxes work and the evasion techniques deployed against them can help avoid a serious breach."
Originally released in August 2013, “Hot Knives” detailed 11 evasion techniques used by advanced persistent threats (APTs) and advanced malware to bypass configuration-specific, environment-specific, VMware-specific, and human interaction-based sandbox testing techniques. The four new techniques detailed in this latest version of the report include:
“Today’s attackers have built techniques to bypass the use of virtualization and sandboxing in the enterprise for far longer than traditional security solutions have been designed to think about them,” said Abhishek Singh, senior staff research scientist engineer, FireEye. “Approaching security from the standpoint of monitoring activities without context around them is akin to navigating without a compass. With these latest techniques, it is more important than ever to look beyond the surface of what file-based sandboxing technologies can do.”