Sandboxes are isolated computing environments set aside from other programs in which a program or file can be executed without affecting the application it runs or other programs; if an error or security issues occur, those issues will not spread to other areas on the computer or pose any threat to other programs. In computers, the term sandboxing has long been used to run malicious code or to test new programing code so software developers can analyze it.
However effective sandboxing may be, there are advanced, persistent threats which can evade straightforward detection. By using previously unseen malware, these attacks exploit vulnerabilities and come from brand-new or seemingly innocent hosting URLs and IPs. Their goal? To compromise their target system with advanced code techniques that attempt to circumvent security barriers.
Advanced evasion techniques by which threats can evade security barriers include, but are not limited to:
Logic Bombs
Logic bombs are code that remains dormant after installation until a specific trigger occurs. Logic bombs can be difficult to detect, since the logic conditions are unlikely to be met in the sandbox without heavy instrumentation.
Sandbox detection
Another advanced evasion technique is awareness of the sandbox environment itself. Advanced persistent threat code may contain routines that attempt to determine if it’s running in a virtual environment, indicating it might be in a sandbox, or may check for fingerprints of specific vendors’ sandbox environment. If the code detects that it’s in a sandbox, it won’t run its malicious execution path.
Rootkits and Bootkits
Advanced malware often contains a rootkit component that subverts the operating system with kernel-level code to take full control of the system. Rootkits infect the system with malware during system boot-up—something that is typically not observed by a sandbox.
Once evasions are addressed, the value of a strong sandbox shines. The goal of sandboxing is to completely replicate the behavior of malicious code seeking entry to the organization. The reality is that malware creators are privy of all forms of security technology and will build disguises and use advanced evasion techniques in the hopes of bypassing security mitigations in order to successfully deliver their malware.
If you are looking for a way to take care of your computer network, The IT pros at Gulf South Technology Solutions can help you execute a comprehensive IT risk assessment that will help keep your network safe.