Two-Faced Malware – Cyber Threat in 2016. You should be on the lookout for “two-faced malware”: malware that can avoid detection by a sandbox (a security mechanism for separating running programs, a testing environment) and then execute once clear of security protocols. Some types of malware evolve and grow more sophisticated. Others go by the wayside to be replaced by newer, more intelligent tools that drive further innovation among security vendors and researchers. Malware continues to be one of the primary tools of the hacker trade. Hackers use purpose-built malicious software to gain access to devices and networks, to exfiltrate data (transfer it without authorization), and to exploit software vulnerabilities. In 2016, new variants will emerge, confounding security professionals and investigators looking to find and prosecute cyber criminals and state-sponsored actors.

Two-Faced Malware – Cybersecurity Risk in 2016

Many corporations now test new software in a safe environment called a sandbox before running it on their networks. A sandbox is designed to do deeper inspection to catch some of these different ways that they’re trying to change their behaviors. It’s a very effective way to look at these new threats as we move forward. That said, hackers in turn are creating malevolent software that seems benign under surveillance, but morphs into malicious code once it’s no longer under suspicion. It’s called two-faced malware. The reason we see so much volume as well is because cybercriminals are trying to evade [detection]. They know about security vendors, they know about law enforcement, they’re trying to constantly morph and shift their tactics.

Threat in 2016: Two-Faced Malware & Sandbox

Malware has been continually evolving features to avoid detection as security measures like sandboxing become more prevalent. As sandboxing becomes more resistant to these countermeasures, we anticipate the development of Two-Faced Malware designed to execute an innocent task to avoid detection and then execute the malicious process once it has cleared security protocols. Future Outlook: New malware will be written that employs multiple code execution paths that are designed to execute a benign process while under inspection and then execute its malicious process once clear.

Two-faced Malware will be engineered to deliver counter threat intelligence and exploit the rating systems used by sandboxes and antivirus solutions. This counter threat intelligence can enable future variations of malware to bypass advanced security protection systems. These malware types will require stronger scrubbing and verification systems on the security vendor end. This could impact network performance and decrease the rate of adoption for more advanced security solutions.

Sources: Gartner.com & Fortinet.com
