The Challenge

[et_pb_section fb_built=”1″ _builder_version=”4.4.7″ background_color=”#242424″ background_enable_image=”off”][et_pb_row _builder_version=”3.25″][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_image src=”https://www.secondwrite.com/wp-content/uploads/2019/07/white_line-1.png” align=”center” align_tablet=”center” align_phone=”” align_last_edited=”on|desktop” _builder_version=”3.23″][/et_pb_image][et_pb_text _builder_version=”4.4.7″]


[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.4.7″ background_color=”#242424″ border_radii=”off|5px|5px||”][et_pb_column type=”4_4″ _builder_version=”4.4.7″][et_pb_text _builder_version=”4.4.7″ text_font=”||||||||” text_text_color=”#ffffff” text_font_size=”20px” text_orientation=”center” custom_margin=”|17px||||” custom_padding=”|||17px||”]

Attackers continuously advance the methods they use to design, build, and deliver malware. The result is an arms race with enterprises and the cybersecurity industry, which are likewise developing defenses.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.4.7″ background_color=”#242424″ locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.4.7″][et_pb_text _builder_version=”4.4.7″ custom_padding=”|||17px||”]

Malware writers use tailored evasive techniques to hide from attack detection tools, for example:

  • Security Endpoint Tools: static analyzers operating at the host/server and PC/laptop level, such as A/V tools, IDSs, HIDSs, debuggers, etc.
  • Network Endpoint Tools: static analyzers operating at the network level, such as firewalls, NIDSs, etc.
  • Sandbox Tools: dynamic analyzers operating at the network level, such as detonation chambers, light sandboxes, full sandboxes, etc.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”4.4.7″][et_pb_row _builder_version=”4.4.7″][et_pb_column type=”4_4″ _builder_version=”4.4.7″][et_pb_accordion _builder_version=”4.4.7″ hover_enabled=”0″][et_pb_accordion_item title=”Malware Facts” _builder_version=”4.4.7″ hover_enabled=”0″ open=”off”]
  • Antivirus tools detect only 43% of attacks [Ponemon 2018]
  • Zero-day malware can go undetected for 4-6 months. [Ponemon 2018]
  • Zero-day attacks are increasing – 37% of malware attacks today. [Ponemon 2018]
[/et_pb_accordion_item][et_pb_accordion_item title=”Malware Statistics” _builder_version=”4.4.7″ hover_enabled=”0″ open=”off”]
  • Over 66% of malware is obfuscated [2019 Q4 Report by WatchGuard]
  • Over 93% of malware is polymorphic [2019 Threat Report by WebRoot]
  • 78% of malware uses file packing to evade detection [2017 Annual Report by PandaLabs]
  • Automated malware distribution accounts for 70%-80% of attacks [2019 Q4 Report by WatchGuard]
  • 28% of security breaches involved malware [2020 Data Breach Investigations Report by Verizon]
[/et_pb_accordion_item][et_pb_accordion_item title=”Malware Costs” open=”on” _builder_version=”4.4.7″ hover_enabled=”0″]
  • 86% of security breaches were financially motivated [2020 Data Breach Investigations Report by Verizon]
  • 27% of malware incidents attributed to ransomware [2020 Data Breach Investigations Report by Verizon]
  • A single ransomware incident costs $713,000 on average [Reported to CNBC by Kaspersky Lab]
  • Total cost of an average malware attack is $2.6m [2019 Cost Of Cybercrime Study by Accenture]
  • The March 2018 malware attack on Atlanta’s Payment Portal, with a variant of SamSam, resulted in:
      – Atlanta paying $50,000 in ransom
      – The City covering $2,267,328 in recovery costs
      – Citizens unable to pay their water bills
      – Law enforcement writing reports by hand
      – The City unable to take applications for employment [Jan 2020 CPO Magazine]

[/et_pb_accordion_item][et_pb_accordion_item title=”Evasive Techniques Against Static Analysis” _builder_version=”4.4.7″ open=”off”]

Malware writers use techniques to keep the malicious code from being scanned in any meaningful way, so that its signature is never matched, including:

  • Polymorphism, where the code in the malware is slightly changed on each build or infection, so that it no longer matches the original code signature and hash lookups no longer find it
  • Control-Flow Obfuscation, where the malware’s real logic is purposely hidden by rewriting its branch structure (junk jumps, opaque predicates, flattened control flow), making the code unreadable to binary analysis tools
  • Packing, where the code in the malware is compressed or encrypted and only restored in memory at run time, so that a static scanner sees nothing but the unpacking stub and high-entropy data
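To make the polymorphism and packing techniques concrete, the following is an added worked example written for this page; it is not SecondWrite’s code and contains no real malware. A constructed byte string stands in for a malicious file, a NOP-padding swap models a polymorphic rebuild, and a SHA-256-derived XOR keystream models a packer. It shows that an exact-hash signature misses the polymorphic variant while a wildcarded byte pattern still catches it, and that packing hides both the strings and the pattern but raises the section’s entropy, which is the static heuristic a scanner is left with. Every byte sequence, key and function name below is an assumption made for the demonstration.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed stand-in for a malicious sample (not real malware): an x86
# function prologue, a command string an analyst would grep for, NOP padding,
# an epilogue, and a zero-filled data region.
ORIGINAL = (
    b"\x55\x89\xe5\x83\xec\x10"      # push ebp; mov ebp,esp; sub esp,0x10
    + b"cmd.exe /c whoami\x00"
    + b"\x90\x90\x90"                # nop; nop; nop
    + b"\xc9\xc3"                    # leave; ret
    + b"\x00" * 64
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hash-based signature database, as a simple AV engine would keep it.
SIGNATURE_DB = {sha256_hex(ORIGINAL)}


def hash_lookup(data: bytes) -> bool:
    return sha256_hex(data) in SIGNATURE_DB


def polymorphic_variant(data: bytes) -> bytes:
    """Polymorphism: swap the NOP padding for an equivalent do-nothing sequence
    (xchg eax,eax; nop). Behaviour is unchanged; every file hash is not."""
    return data.replace(b"\x90\x90\x90", b"\x87\xc0\x90", 1)


# YARA-style byte pattern with a wildcard for the stack-frame size: it matches
# the prologue regardless of what the padding bytes further on look like.
PROLOGUE_SIG = re.compile(rb"\x55\x89\xe5\x83\xec.", re.DOTALL)


def pattern_match(data: bytes) -> bool:
    return PROLOGUE_SIG.search(data) is not None


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic keystream from SHA-256(key || counter). Toy packer only,
    not a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def pack(data: bytes, key: bytes) -> bytes:
    """Packing: encrypt the body so that neither strings nor code patterns are
    visible to a static scanner. A real packer prepends an unpacking stub that
    reverses this in memory at run time."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def unpack(data: bytes, key: bytes) -> bytes:
    return pack(data, key)  # XOR with the same keystream is its own inverse


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Packed or encrypted sections sit near 8.0; plain code
    and zero-padded data sit well below it."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def run_demo() -> dict:
    """Run every check against the original, its polymorphic variant and its packed form."""
    key = b"constructed-demo-key"
    variant = polymorphic_variant(ORIGINAL)
    packed = pack(ORIGINAL, key)
    return {
        "hash_hits_original": hash_lookup(ORIGINAL),
        "hash_hits_variant": hash_lookup(variant),
        "pattern_hits_variant": pattern_match(variant),
        "string_visible_packed": b"cmd.exe" in packed,
        "pattern_hits_packed": pattern_match(packed),
        "entropy_original": round(shannon_entropy(ORIGINAL), 2),
        "entropy_packed": round(shannon_entropy(packed), 2),
        "unpack_restores": unpack(packed, key) == ORIGINAL,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:>22}: {value}")
```

The takeaway for a defender: a hash database only catches the exact build it has seen, a wildcarded byte pattern survives cosmetic rewrites but not packing, and against a packed sample the only static signal left is the abnormal entropy of the body. Recovering the real code then requires letting the unpacking stub run, which is the point at which the dynamic techniques in the next section come into play.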
[/et_pb_accordion_item][et_pb_accordion_item title=”Evasive Techniques Against Dynamic Analysis” _builder_version=”4.4.7″ open=”off”]

The malware checks some condition of its environment and withholds the malicious code until that condition is met, thus avoiding and evading detection by a sandbox, including:

  • Sleeping/Hiding, where the malware sleeps or executes useless work until the sandbox times out
  • Detecting User Input, where the malware waits for user activity such as mouse movement or keystrokes, which a sandbox often does not provide
  • Detecting a Sandbox, where the malware runs tests for virtualization or analysis artifacts to determine whether a sandbox is present
  • Targeted Attacks, where the malware only attacks an intended victim computer identified by IP address, username, machine name, etc., so its attack remains hidden in a sandbox
  • Timing-Based Attacks, where the malware checks for a specific date or time, which is unlikely to fall within the short sandbox run
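The sleeping and timing checks above interact in a way that is easy to get wrong on the sandbox side, so here is an added simulation written for this page (not SecondWrite’s code, and no real sleeping or malicious behaviour). A constructed sample stalls past a typical sandbox timeout and then checks that the clock really advanced; it is run under four sandbox clock models. The class and function names, the 60-second stall and the budgets are all assumptions chosen for the demonstration.

```python
# Added example: a simulated sandbox run against a sample that combines
# sleeping/stalling with a timing check. Nothing here sleeps for real; time is
# modelled by the clock classes below so the script completes instantly.
# All names and values are constructed for this demonstration.


class Timeout(Exception):
    """Raised when the sample asks for more wall-clock time than the sandbox will spend."""


def evasive_sample(sleep, now, stall_seconds=60.0):
    """Constructed sample logic: sleep past a typical sandbox timeout, then
    confirm that the clock really advanced. If Sleep() returned early, the
    sample assumes it is being analysed and stays dormant."""
    before = now()
    sleep(stall_seconds)
    elapsed = now() - before
    if elapsed < stall_seconds * 0.9:
        return "stays dormant"
    return "payload runs"


class HonestClock:
    """Time passes as requested; every second of sleep consumes sandbox budget."""

    def __init__(self, budget_seconds):
        self.t = 0.0
        self.budget = budget_seconds

    def now(self):
        return self.t

    def sleep(self, seconds):
        if self.t + seconds > self.budget:
            raise Timeout(f"sample wanted {seconds}s, budget is {self.budget}s")
        self.t += seconds


class SkipSleepClock(HonestClock):
    """Naive acceleration: Sleep() returns immediately, but the time source the
    sample reads is left untouched, so the sample can tell."""

    def sleep(self, seconds):
        return None


class ConsistentFakeClock(HonestClock):
    """Sleep() returns immediately and the time source is advanced by the same
    amount, so the sample sees a consistent timeline and detonates."""

    def sleep(self, seconds):
        self.t += seconds


def run_in_sandbox(clock, stall_seconds=60.0):
    """Execute the sample under the given clock model; report what an analyst sees."""
    try:
        return evasive_sample(clock.sleep, clock.now, stall_seconds)
    except Timeout:
        return "timed out before payload"


def compare_sandboxes():
    """Outcome of the same sample under four sandbox configurations."""
    return {
        "30s budget, real time": run_in_sandbox(HonestClock(30)),
        "30s budget, sleep skipped": run_in_sandbox(SkipSleepClock(30)),
        "30s budget, sleep+clock faked": run_in_sandbox(ConsistentFakeClock(30)),
        "5 min budget, real time": run_in_sandbox(HonestClock(300)),
    }


if __name__ == "__main__":
    for config, outcome in compare_sandboxes().items():
        print(f"{config:<32} -> {outcome}")
```

Only two configurations ever see the payload: spending real minutes per sample, or faking Sleep() and the clock together. Skipping Sleep() alone creates an inconsistency the sample can measure, which is why an accelerating sandbox has to lie consistently through every time source the sample can read (sleep calls, tick counters, high-resolution timers, time of day) rather than patching just one.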
[/et_pb_accordion_item][/et_pb_accordion][/et_pb_column][/et_pb_row][/et_pb_section]

Copyright 2020, SecondWrite, Inc. All rights reserved.