When companies relied on the static analysis of binaries to determine whether a program is malicious, attackers came up with a simple way to bypass defenses: obfuscating the code with packers and other techniques.
Many security firms then moved onto dynamic analysis, allowing a program to run in a sandboxed or virtual environment and looking for signs that it was doing something malicious. The strategy is a significant departure from the past, when authors created code that would noisily attempt to exploit a number of vulnerabilities, says Michael Sutton, vice president of research for Zscaler, a cloud security provider.
“A few years ago, we would see them throw everything at the machine, and hoped that one of them worked,” he says. “The downside is that it creates more noise and is more likely be picked up by host-based AV. Now, we see them being more surgical in their attacks and only delivering the payload that will work on the compromised platform.”
SOURCE: darkreading.com
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…