Creative, stealthy malware developers are growing more and more persistent in their efforts to evade detection when attacking networks of all sizes. By learning how traditional antivirus, malware detection and virtual sandbox solutions recognize threats, and which artifacts give those tools away, they are able to write code that masks or hides its malicious nature whenever it is being examined.

To beat malware authors at their own game, advanced sandbox solutions are emerging that can detect the behavioral signatures of malicious programs while hiding the telltale signs that the code is running in a sandbox at all.

The Disguised and Hidden Faces of Modern Malware

Unlike the malware attacks of yesterday that focused on causing direct damage to a specific system, malicious programs today are increasingly aimed at the surreptitious theft of valuable information. Careful innovation by malware authors has made it possible to develop malicious code that can hide from known security techniques.

Three of the most common approaches are ghostware, two-faced malware and malware hidden in compressed files.

Ghostware, the invisible thief, infiltrates the network, steals what it came for and then erases all traces of the compromise before leaving. It may be some time before an organization realizes it has been breached, and by then the evidence needed to work out what was taken, let alone recover it, may be gone.

In contrast, two-faced malware behaves like a completely benign program while it is under scrutiny in a security sandbox. Once deemed “safe,” it is released into the wider network, where it launches its real attack. Worse, if the sandbox shares that false “safe” rating with threat intelligence, the sample is effectively allowlisted: downstream controls that trust the rating will wave the same malware through in future attacks.

Other malware programs hide inside compressed files, using archive formats that traditional anti-malware tools never unpack; a tool that only inspects the contents of ZIP archives will not see malicious code packed in any other format. Although the tactics differ, the goals are the same: retrieve data or sabotage the system without being found out.

Why You Need A Smarter Sandbox To Stop Stealth Malware

Sandboxing has traditionally been one of the first lines of defense against malicious programs. A sandbox runs a potentially malicious program in an isolated environment, where its behavior can be observed and the program quarantined before it infects the network. The sandbox then relays what it learned to threat intelligence so that malware detection systems know to stop the same program in future attacks.

This was a fairly reliable method of stopping threats from compromising networks, until malware authors became skilled at creating programs that appear harmless for as long as they are being observed. What you need instead is a smarter, more advanced security sandbox that fools malware into acting as if it were in your network when it is really under observation in the sandbox’s isolated, virtual environment. In practice that means the environment looks like a real workstation (realistic hardware, uptime, installed software and user activity, with no obvious virtualization or monitoring artifacts) and the analysis either runs long enough or fast-forwards timers, so that a sample that simply waits cannot outlast the observation window.

By simulating your operating environment, the sandbox can determine whether a program is actually executing malicious behavior, give it the appropriate risk rating, share that rating with threat intelligence, and remove the program from the network before it reaches your data. In a layered, defense-in-depth security architecture, the intelligence is shared with firewalls and other threat monitoring and detection tools so the same malware is blocked the next time it appears.
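The two-faced behavior described above, and the difference the sandbox’s verdict logic makes, as an added example that is not code from the original article, Fortinet or SpartanTec. It rates three constructed execution traces, the kind of API-call log a sandbox records while a sample runs (the trace format, the API names used as indicators, the thresholds and the traces themselves are all assumptions made for illustration). A naive verdict that looks only for overt payload activity rates the two-faced sample “safe”; a behavioral verdict treats a burst of environment probes followed by stalling and a quiet exit as a signal in itself; and a third trace shows the same sample in a sandbox that looks like a real workstation, where the payload finally shows up.

```python
"""Added example: rating sandbox execution traces on behaviour, not just on
overt payload activity.  Not code from the article, Fortinet or SpartanTec;
the trace format, indicator API names, thresholds and sample traces are all
constructed for illustration."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Calls a sample typically uses to fingerprint its environment.  Each is also
# common in benign software, so one probe proves nothing; the signature is a
# burst of them followed by stalling or a quiet exit.
PROBE_APIS = {"GetSystemInfo", "GlobalMemoryStatusEx", "GetTickCount",
              "RegQueryValue", "GetModuleHandle", "GetCursorPos"}
# Overt payload activity that a signature-style sandbox keys on.
PAYLOAD_APIS = {"CreateProcess", "CreateRemoteThread", "WriteProcessMemory",
                "InternetOpenUrl", "connect", "RegSetValue"}
STALL_SECONDS = 60.0   # assumed threshold: one Sleep this long is time-stalling
PROBE_BURST = 3        # assumed threshold: this many probes is fingerprinting


@dataclass
class Call:
    t: float      # seconds since process start
    api: str
    args: str


def parse_trace(text: str) -> List[Call]:
    """Parse constructed '<seconds> <api> <argument summary>' lines."""
    calls = []
    for line in text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) < 2:
            continue
        calls.append(Call(float(parts[0]), parts[1], parts[2] if len(parts) == 3 else ""))
    return calls


def sleep_seconds(call: Call) -> float:
    """Requested Sleep duration in seconds (argument is milliseconds); 0 otherwise."""
    if call.api != "Sleep":
        return 0.0
    m = re.search(r"\d+", call.args)
    return int(m.group()) / 1000.0 if m else 0.0


def naive_verdict(calls: List[Call]) -> str:
    """A sandbox that only asks: did the sample do something overtly malicious?"""
    return "malicious" if any(c.api in PAYLOAD_APIS for c in calls) else "safe"


def behavioral_verdict(calls: List[Call]) -> Tuple[str, int, List[str]]:
    """Risk rating (label, 0-10 score, reasons); evasion itself counts as evidence."""
    probes = sum(1 for c in calls if c.api in PROBE_APIS)
    stalled = any(sleep_seconds(c) >= STALL_SECONDS for c in calls)
    payload = any(c.api in PAYLOAD_APIS for c in calls)
    quiet_exit = bool(calls) and calls[-1].api == "ExitProcess" and not payload
    score, reasons = 0, []
    if probes >= PROBE_BURST:
        score += 3
        reasons.append(f"{probes} environment probes")
    if stalled:
        score += 2
        reasons.append("time-stalling sleep")
    if probes >= PROBE_BURST and quiet_exit:
        score += 4   # the two-faced pattern: fingerprint the box, then do nothing
        reasons.append("exited after probing without doing any real work")
    if payload:
        score += 6
        reasons.append("payload activity")
    score = min(score, 10)
    rating = "malicious" if score >= 7 else "suspicious" if score >= 4 else "safe"
    return rating, score, reasons


# Constructed trace: an ordinary document editor.
BENIGN_TRACE = r"""
0.01 GetSystemInfo numberOfProcessors=4
0.02 CreateFile C:\Users\alice\report.docx
0.05 ReadFile report.docx 4096
1.20 WriteFile report.docx 512
"""
# Constructed trace: a two-faced sample in a naive sandbox (one CPU, little
# RAM, fresh boot, a cursor that never moves).  It fingerprints, stalls, exits.
EVASIVE_TRACE = r"""
0.01 GetSystemInfo numberOfProcessors=1
0.02 GlobalMemoryStatusEx totalPhys=2048MB
0.03 GetTickCount uptime=45s
0.04 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
0.05 GetModuleHandle sbiedll.dll
0.06 GetCursorPos x=0,y=0
0.50 GetCursorPos x=0,y=0
0.51 Sleep 600000
0.52 ExitProcess 0
"""
# Constructed trace: the same sample in a sandbox that looks like a real
# workstation and fast-forwards long sleeps.  Satisfied, it does the real work.
HARDENED_SANDBOX_TRACE = r"""
0.01 GetSystemInfo numberOfProcessors=4
0.02 GlobalMemoryStatusEx totalPhys=16384MB
0.03 GetTickCount uptime=3d4h
0.04 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
0.05 GetModuleHandle sbiedll.dll
0.06 GetCursorPos x=512,y=388
0.50 GetCursorPos x=640,y=401
0.51 Sleep 600000
0.52 CreateProcess cmd.exe /c whoami
0.60 connect 198.51.100.7:443
0.70 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater
"""

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN_TRACE), ("evasive", EVASIVE_TRACE),
                        ("hardened", HARDENED_SANDBOX_TRACE)):
        calls = parse_trace(trace)
        rating, score, reasons = behavioral_verdict(calls)
        print(f"{name:9s} naive={naive_verdict(calls):9s} "
              f"behavioral={rating} ({score}/10) {'; '.join(reasons)}")
```

Two points worth taking from the example: the naive and behavioral verdicts disagree only on the evasive trace, which is exactly the sample that a “safe” rating would allowlist downstream; and the hardened-sandbox trace shows why disguising the sandbox matters, since the payload is only observable once the sample believes it is on a real machine. The thresholds here are illustrative; production sandboxes weigh far richer telemetry (memory, network, kernel events) and tune them against known-benign software to keep false positives down.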

Test Your Metal

If you’re looking for a fast, safe way to assess the capability of your cybersecurity platform to outsmart stealth malware, put it through a free, online Test Your Metal exercise with our partner, Fortinet. Then work with an experienced systems integrator like SpartanTec to strengthen your defense. Through our partnership with Fortinet, we offer the expertise and advanced technology you need to deploy a layered, defense-in-depth cybersecurity platform that can stand up to stealth malware.