Sandbox Array and APT in Asia Pacific

by Sylvain Lejeune

Tags: malware, Miscellaneous, Web Security

Year of the Breach

2014 was called by many the “year of the breach”. Throughout the Asia Pacific region, high-profile cases hit the headlines.

In January 2014, the personal data of 20 million South Koreans, or 40% of the country's population, was stolen, sparking outrage as worried consumers scrambled to replace compromised credit cards. The customer details appear to have been taken by a worker at the Korea Credit Bureau. In May it was revealed that Singapore’s Ministry of Foreign Affairs (MFA) had been breached, although no details were released about the scope of the attack. Cyber attacks continued unabated: in June it was the Japan Pension Service’s turn to be hacked. This was followed in August by South Korean authorities revealing details of a massive data breach that affected 27 million people aged 15-65. The compromised data came from website registrations for various games and online gambling promotions, ringtone storefronts, and movie ticketing.

About Layered Approach and Sandboxes

While publicly disclosed data breaches increased this year, the majority are never reported, and many go undetected. Some of the affected organizations were unprepared or slow to respond, but many others have adopted a layered approach both to prevent cyber security breaches and to contain the damage should a breach occur. As attacks become increasingly targeted, sophisticated, and evasive, many enterprises and government agencies are combining multiple engines, tools, feeds, and technologies, each bringing different detection benefits, to strengthen threat detection with the objective of significantly reducing the risk of cybercrime.

Sandboxes are one layer in this approach. Sandboxing works by running code inside a tightly controlled environment in which its behavior can be monitored and analyzed. While sandboxes are a useful part of the overall defensive process, malware sandbox evasion techniques are continuously improving, and no single sandbox can detect every zero-day malware. Malware writers have found ways to detect the presence of a sandbox and then evade analysis. These include delaying the “detonation” of the malicious code, geolocation awareness (the malware only runs in specific regions or countries), and similar environment checks.

(Image: Sandbox)

Next Generation Cyber Threat Protection

This is why a new approach is needed: a next generation cyber threat protection service to identify and remediate advanced persistent threats. The critical element is to ensure “proper” detonation of malware. CYREN’s mass-scale sandbox array service is characterized by a high degree of intelligence in orchestrating the array’s multiple sandboxes (virtual, physical, mobile, etc.) and provides detailed information about both network activity and behavior at the OS level.
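To make concrete how an array can combine sandboxes that differ in the very properties an evasive sample probes (the region it sees and how long it is allowed to run, as described in the evasion paragraph above), here is an added toy verdict aggregator in Python. It is illustration code written for this page, not CYREN's implementation; the report schema, indicator names and profile names are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set
# Behaviour names a sandbox's OS/network monitoring might emit (constructed, not a vendor schema).
MALICIOUS_INDICATORS = {"c2_beacon", "persistence_run_key", "credential_dump"}

@dataclass
class Report:
    """One sandbox profile's result for a sample (constructed schema)."""
    profile: str           # name of the sandbox configuration
    region: str            # country/locale the sandbox presents to the sample
    analysis_seconds: int  # how long the sample was allowed to run
    indicators: Set[str]   # behaviours observed during detonation
    completed: bool        # False if the sample was still idle when the window expired

def profile_verdict(r: Report) -> str:
    if r.indicators & MALICIOUS_INDICATORS:
        return "malicious"
    # A sample that sleeps past the window is inconclusive, never "benign".
    return "benign" if r.completed else "stalled"

def separating_factors(active: List[Report], quiet: List[Report]) -> List[str]:
    """Environment attributes whose values never overlap between active and quiet profiles."""
    factors = []
    for attr in ("region", "analysis_seconds"):
        seen_active = {getattr(r, attr) for r in active}
        seen_quiet = {getattr(r, attr) for r in quiet}
        if seen_active and seen_quiet and seen_active.isdisjoint(seen_quiet):
            factors.append(attr)
    return factors

def array_verdict(reports: List[Report]) -> Dict[str, object]:
    """Any malicious profile convicts the sample; malicious plus quiet profiles marks it evasive."""
    active = [r for r in reports if profile_verdict(r) == "malicious"]
    quiet = [r for r in reports if profile_verdict(r) != "malicious"]
    # Only stalled runs: re-run with a longer window rather than clearing the sample.
    verdict = ("malicious" if active else
               "inconclusive" if any(not r.completed for r in quiet) else "benign")
    return {
        "verdict": verdict,
        "evasive": bool(active) and bool(quiet),
        "separating_factors": separating_factors(active, quiet) if active and quiet else [],
        "stalled_profiles": [r.profile for r in reports if not r.completed],
    }

# Constructed reports for one sample detonated in three profiles of the array.
SAMPLE_REPORTS = [
    Report("sg-short", "SG", 120, set(), completed=False),
    Report("sg-long", "SG", 600, {"reads_config"}, completed=True),
    Report("kr-long", "KR", 600, {"reads_config", "c2_beacon"}, completed=True),
]
```

For the constructed sample, `array_verdict(SAMPLE_REPORTS)` convicts the sample, flags it as evasive, names `region` as the factor that separated the active profile from the quiet ones, and lists the short-window profile as stalled, which is the signal to lengthen the analysis window rather than treat silence as a clean result.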

We anticipate that CYREN’s sandbox array will become an integral part of any security-sensitive organization’s layered security strategy. It will also become essential to mid-market companies and SMBs that may not be able to afford the resources to procure, deploy, administer and upgrade their own sandboxes at multiple locations.

Further information about CYREN's Next Generation Sandbox Service can be found here. 
