
Encrypted Malware Analysis


The analysis of encrypted malware combines traditional Dynamic Analysis, Active Memory Analysis and cutting-edge “Trace Analysis”, allowing for a more holistic approach to malware analysis from three differing perspectives. All three “prongs” of this methodology examine “Data In Execution”, which significantly reduces, and in some cases negates, the effectiveness of the anti-forensic countermeasures that malware authors employ.

This multi-layered methodology has the benefit of targeting the weaker and less protected aspect of malware: its execution. It provides an analyst with multiple complementary avenues for analysis and a means to analyze advanced malware that employs defenses designed to obfuscate the binary and foil Static Analysis, such as packers, obfuscation or other encryption techniques. Once such techniques are de-obfuscated, the playing field is leveled and the analyst becomes more effective. This paper provides a brief demonstration of the methodology and stands as an example of the benefit of this approach in identifying and analyzing malware that utilizes anti-forensic techniques such as encryption.

Observational Malware Analysis


The idea and practice of encrypting or obfuscating malware has been around since the early to mid 1980s. Malware authors quickly realized that to succeed at introducing and spreading their creations, they would need not only to conceal the malware’s behavior but also to inhibit the progress of those who would reverse engineer the capabilities of these new cyber soldiers. The longer a malware sample can remain undetected and thwart reverse engineering, the longer it has to spread and complete its mission.

In order to identify and respond to advanced malware, the analyst must have the training and expertise to conduct surveillance on the malicious code. Surveillance on malicious code – Observational Malware Analysis (OMA) – provides a better understanding of malware capabilities, the mission of the attacker, and the effects on the company being targeted. An analyst armed with this methodology and skillset is a valuable resource to defend against today’s most advanced threats.

Observational Malware Analysis

This paper serves as a high-level summary of a fully integrated forensic approach to identifying today’s advanced malware threats with higher confidence, better understanding, and in a more time-efficient manner. Much of the information in the article should be fairly well known to a reader who oversees incident response or forensics teams, and to those who perform such tasks as part of their work.

Cyber CI – An Outside Look In

By Jason Wood

Examples abound of companies recently becoming victims of malware, cyber-criminals, hackers, hacktivists, insider threats, terrorists, and even nation-state actors, resulting in the loss of personally identifiable information, proprietary information and intellectual property, personal financial information, personal health information, and other sensitive data.

In order to counter these now-common cyber threats, corporations have dedicated information technology staffs who implement a layered approach to information security, convinced that regular backups, encryption, antivirus protection, IDS/IPS, firewalls, and employee training are all that is needed.

The trouble is, not every company has the right protection in place: too much time and effort is spent trying to protect everything equally, budgets are too tight, and companies often lack technically proficient IT personnel with the right training. Some companies, from the CIO on down, are so focused on providing service solutions to their business units that they fail to actually address the vulnerabilities of the organization’s interwoven network of servers, firewalls, desktops, personally owned devices, and in some cases point-of-sale terminals.

There are several options available to obtain a report on the reliability and resilience of your corporate network: