Page 181 - Cyber Defense eMagazine June 2024

Steganography campaign example

• CAPTCHAs: There are also other techniques employed by threat actors that allow them to bypass automated solutions. CAPTCHAs are a prominent example of this, as they have been employed in hundreds of phishing attacks as a simple yet reliable evasion technique. Interactivity enables analysts to easily address this by manually solving the test and proceeding to the next stage of the attack, exposing it entirely.
• Mouse movement: Another common sandbox evasion technique involves using mouse movement to trigger malware detonation. While some automated solutions may include mouse emulation mechanics, certain malware can still detect artificial movement. An interactive service can help users overcome this obstacle by providing them with complete control over the virtual machine, making it possible to mimic natural mouse movements and successfully analyze the malware.



Scenario 2: Proof of concept testing

Interactive malware sandboxes are more fitting for proof of concept (PoC) testing compared to automated ones due to their flexibility and customization capabilities. With an interactive sandbox, analysts can manipulate the environment and closely observe the malware's behavior.

This hands-on approach allows analysts to test specific scenarios that may not be covered by automated sandboxes. Take CVE-2024-21413, also known as MonikerLink, one of the vulnerabilities discovered this year. This flaw can lead to the compromise of an NTLM hash in Outlook, enabling the remote execution of malicious code without the user noticing.








            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.