CyberSecurityBoard
Sponsor Register Login

How Sandboxes Help Analysts Expose Script-Based Attacks

Cybercriminals employ numerous tactics to infiltrate endpoints and scripts are among the most destructive.
You can trigger an infection chain by clicking on a seemingly innocuous document, potentially compromising your entire network.
To prevent this, analyzing suspicious files in malware analysis sandboxes is crucial.
Here are some instances where they prove invaluable.
VBE files are essentially encoded VBS scripts initially designed back in the day to safeguard intellectual property.
As a result, it is impossible to view their source code without extra tools, hindering analysis and allowing detection evasion.
Uploading a VBE file to a proper sandbox service instantly reveals the decoded VBS script at play.
It presents a full view of the script execution process, including its requested functions, transferred data, and commands.
A sandbox can also reveal the results of commands executed within scripts.
With the help of a sandbox, users can see the command's output as well as download it for further analysis.
This empowers analysts to fully comprehend the attacker's actions and the potential harm caused.
Analyzing any suspicious attachment or URL in a free interactive malware sandbox like ANY.RUN can instantly provide you with a conclusive verdict.
A sandbox's ability to track script-executable interactions is crucial in identifying malicious scripts that depend on executables for their functionality.
This insight helps analysts detect and neutralize script-based malware by employing executable files as a launchpad for their malicious activities.
In the provided example, a malicious executable utilizes the Windows Management Instrumentation Command tool to load and execute a VBScript file.
This approach allows the malware to conceal its true nature and manipulate the system without raising suspicion.
A sandbox can streamline investigating VBS-based malware, saving a lot of time on extensive reverse engineering or debugging.
This example shows the WSHRAT malware making a WMI query likely to check for all the installed antivirus solutions on the device.
You can try the full range of ANY.RUN's capabilities completely for free by requesting 14 days of a free trial.


This Cyber News was published on gbhackers.com. Publication date: Thu, 14 Dec 2023 17:13:07 +0000


Cyber News related to How Sandboxes Help Analysts Expose Script-Based Attacks

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
7 months ago Esecurityplanet.com
5 Best Ways a Malware Sandbox Can Help Your Company - Malware sandboxes are indispensable for threat analysis, but many of their capabilities are often overlooked. Malware sandboxes equipped with advanced AI capabilities can significantly enhance the training and productivity of junior security staff. ...
6 months ago Cybersecuritynews.com
How Sandboxes Help Analysts Expose Script-Based Attacks - Cybercriminals employ numerous tactics to infiltrate endpoints and scripts are among the most destructive. You can trigger an infection chain by clicking on a seemingly innocuous document, potentially compromising your entire network. To prevent ...
6 months ago Gbhackers.com
8 Strategies for Defending Against Help Desk Attacks - COMMENTARY. Defensive security techniques often lag offensive attack tactics, opening companies to heightened risk from rapidly evolving threats. An alarming case in point is the help desk, one of today's most exposed organizational Achilles' heels. ...
6 months ago Darkreading.com
What is Word Unscrambler In Gaming? - Are you tired of getting stuck on those tricky word puzzles in your favourite mobile game? Have you ever wished for a tool to help unscramble those seemingly impossible words? Look no further because the word unscrambler is here to save the day! This ...
1 year ago Hackread.com
Generative AI Takes on SIEM - With more vendors adding support for generative AI to their platforms and products, life for security analysts seems to be getting deceptively easier. While adding generative AI capabilities to security information and event management is still in ...
7 months ago Darkreading.com
Sigma rules for Linux and MacOS ~ VirusTotal Blog - TLDR: VT Crowdsourced Sigma rules will now also match suspicious activity for macOS and Linux binaries, in addition to Windows. We recently discussed how to maximize the value of Sigma rules by easily converting them to YARA Livehunts. At that time ...
6 months ago Blog.virustotal.com
Vectra AI Launches Global, 24x7 Open MXDR Service Built to Defend Against Hybrid Attacks - PRESS RELEASE. San Jose, Calif. - February 15, 2024 - Vectra AI, Inc., the leader in hybrid attack detection, investigation and response, today announced the launch of Vectra MXDR services, the industry's first global, 24x7 open MXDR service built to ...
4 months ago Darkreading.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
5 months ago Blog.checkpoint.com
Defending Against AI-Based Cyber Attacks: A Comprehensive Guide - As attackers begin to use AI to automate and improve their tactics, defenders are forced to adapt and develop effective measures to protect their data. Exploit development: AI can automatically generate and tailor exploits to specific ...
6 months ago Securityboulevard.com
How to Prepare for DDoS Attacks During Peak Business Times - One common tactic that many security practitioners have witnessed is carrying out distributed denial-of-service attacks during peak business times, when companies are more likely to be short-staffed and caught unawares. While DDoS attacks are a ...
6 months ago Darkreading.com
Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast - What organizations need to know about the Digital Operational Resilience ActIn this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on ...
3 months ago Helpnetsecurity.com
Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats - In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not be ignored. Threat intelligence involves the systematic collection, analysis, and application of data to understand potential ...
5 months ago Hackread.com
Why every company needs a DDoS response plan - Today's DDoS attacks are not what they were even a few years ago, and we continue to see DDoS attacks that are framed as the largest in history. As a result, large organizations need adaptive, multilayered defense capabilities that can respond just ...
6 days ago Helpnetsecurity.com
Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team - AI is quickly becoming a force multiplier-presenting significant opportunities for security teams to increase productivity, save time, upskill resources, and more. Microsoft Copilot for Security is already showing immediate impact for security teams ...
4 months ago Microsoft.com
Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens - Vulnerability disclosure: Legal risks and ethical considerations for researchersIn this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in ...
7 months ago Helpnetsecurity.com
Content Delivery Network FAQs - Content Delivery Networks have become increasingly popular among businesses of all sizes in recent years. They offer a host of benefits to businesses, which can help to aid the smooth running of operations and boost reputation, efficiency, ...
1 year ago Hackread.com
Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days - Strategies for secure identity management in hybrid environmentsIn this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments. Leveraging AI for ...
2 months ago Helpnetsecurity.com
VirusTotal: Generative AI is Great at Detecting, Identifying Malware - Generative AI engines similar to OpenAI's ChatGPT and Google's Bard will become indispensable tools for enterprises and cybersecurity operations in detecting and analyzing malicious code in a real-world environment, according to researchers with ...
7 months ago Securityboulevard.com
Marketing Strategies for PaaS Services: Get Ahead of the Curve - With the ever-growing demand for cloud-based performance and services, Platform-as-a-Service (PaaS) is becoming increasingly critical for modern software development. PaaS is a cloud-based platform, providing businesses with an integrated suite of ...
1 year ago Hackread.com
Law Firms are Raising the Bar on Cybersecurity - Corresponding with recent increases in threat actor activity in the legal industry, law firms are investing more time and attention in modernizing security operations. Both midsize and large law firms are increasingly engaging with cybersecurity ...
1 year ago Bluevoyant.com
Accenture and SandboxAQ Collaborate to Help Organizations Protect Data - PRESS RELEASE. NEW YORK; Jan. 16, 2024 - Accenture and SandboxAQ are partnering to deliver artificial intelligence and quantum computing solutions to help organizations identify and remediate cybersecurity vulnerabilities. According to recent ...
5 months ago Darkreading.com
Definition from TechTarget - Cyber attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems. They're identified as nation-state attackers, and they've been accused of attacking the IT ...
6 months ago Techtarget.com
Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast - Veeam fixes RCE flaw in backup management platformVeeam has patched a high-severity vulnerability in Veeam Service Provider Console and is urging customers to implement the patch. May 2024 Patch Tuesday forecast: A reminder of recent threats and ...
1 month ago Helpnetsecurity.com
CVE-2009-2808 - Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a ...
14 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)