Information security specialists have reported the growing popularity of malware equipped with tools to bypass sandboxes, one of the most common security systems, which run files in an isolated virtual environment.
Positive Technologies (PT) found that 69% of such programs were used in hacker attacks for espionage purposes. 31% of the same malware served cybercriminals for financial gain. For the study, experts analyzed 36 malware families that have been used by 23 hacker groups over the past 10 years.
Olga Zinenko, Senior Analyst at Positive Technologies, noted that sandbox bypass tools are popular in remote access software and downloaders because these programs are usually used for reconnaissance and gathering information about the target system.
“If cybercriminals discover that malware has started executing in a virtual environment, then they will not develop this attack vector or download a malicious payload to the victim’s computer, but will try to hide their presence by stopping the malware,” the expert explained.
In turn, Stanislav Fesenko, head of the Group-IB system solutions department, attributes the activity of hacker groups armed with specific malware to a shift in the attack vector from the financial sector to enterprises in the fuel and energy complex (FEC), industrial enterprises and the public sector.
Andrey Arsentiev, head of analytics and special projects at InfoWatch Group of Companies, emphasizes that only APT groups that have powerful financial and human resources can afford to improve malware. It is almost impossible for lone hackers to develop such tools, he said.
Read more in the Izvestia article on Monday, November 23.