How Sandboxes Help Analysts Expose Script-Based Attacks

Cybercriminals employ numerous tactics to infiltrate endpoints, and scripts are among the most destructive.
You can trigger an infection chain by clicking on a seemingly innocuous document, potentially compromising your entire network.
To prevent this, analyzing suspicious files in malware analysis sandboxes is crucial.
Here are some instances where they prove invaluable.
VBE files are essentially encoded VBS scripts, a format originally designed to safeguard intellectual property.
As a result, it is impossible to view their source code without extra tools, hindering analysis and allowing detection evasion.
Uploading a VBE file to a proper sandbox service instantly reveals the decoded VBS script at play.
It presents a full view of the script execution process, including its requested functions, transferred data, and commands.
A sandbox can also reveal the results of commands executed within scripts.
Users can view each command's output in the sandbox and download it for further analysis.
This empowers analysts to fully comprehend the attacker's actions and the potential harm caused.
Analyzing any suspicious attachment or URL in a free interactive malware sandbox like ANY.RUN can instantly provide you with a conclusive verdict.
A sandbox's ability to track interactions between scripts and executables is crucial in identifying malicious scripts that depend on executables for their functionality.
This insight helps analysts detect and neutralize script-based malware that uses executable files as a launchpad for its malicious activity.
In the provided example, a malicious executable utilizes the Windows Management Instrumentation Command tool to load and execute a VBScript file.
This approach allows the malware to conceal its true nature and manipulate the system without raising suspicion.
A sandbox can streamline investigating VBS-based malware, saving a lot of time on extensive reverse engineering or debugging.
This example shows the WSHRAT malware making a WMI query, most likely intended to enumerate the antivirus solutions installed on the device.
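The three behaviours described above (an executable using WMIC to launch a VBScript file, a WMI query against installed antivirus products, and an encoded .vbe script handed to a script host) can be turned into simple process-creation detections. The following is an added example written for this page, not code from the article or from ANY.RUN; the log events are constructed, and the rule names and field names (`parent`, `image`, `cmdline`) are assumptions.

```python
import re

# Constructed sample process-creation events in a generic EDR/sandbox shape.
SAMPLE_EVENTS = [
    {"parent": r"C:\Users\victim\AppData\Local\Temp\invoice.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic process call create "wscript.exe C:\Users\victim\AppData\Local\Temp\update.vbs"'},
    {"parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r"wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get displayName"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\victim\Downloads\report.vbe"'},
    {"parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get caption"},  # benign inventory query, should not fire
]

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
# Rule 1: WMIC command line references a script host or a .vbs/.vbe file.
WMIC_SCRIPT_RE = re.compile(r"\b(?:wscript|cscript)(?:\.exe)?\b|\.vb[se]\b", re.IGNORECASE)
# Rule 2: WMI query against the AntiVirusProduct class (installed-AV check).
AV_QUERY_RE = re.compile(r"AntiVirusProduct", re.IGNORECASE)
# Rule 3: an encoded VBE script executed directly by a script host.
ENCODED_SCRIPT_RE = re.compile(r"\.vbe\b", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the list of rule names a single process-creation event triggers."""
    image, parent, cmd = basename(event["image"]), basename(event["parent"]), event["cmdline"]
    hits = []
    if image == "wmic.exe" and WMIC_SCRIPT_RE.search(cmd):
        hits.append("wmic_launches_vbscript")
    if AV_QUERY_RE.search(cmd) and (image == "wmic.exe" or image in SCRIPT_HOSTS or parent in SCRIPT_HOSTS):
        hits.append("wmi_av_enumeration")
    if image in SCRIPT_HOSTS and ENCODED_SCRIPT_RE.search(cmd):
        hits.append("encoded_vbe_executed")
    return hits


def scan(events):
    """Flatten all events into (rule, parent process, command line) findings."""
    return [(rule, basename(e["parent"]), e["cmdline"]) for e in events for rule in classify(e)]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```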
You can try the full range of ANY.RUN's capabilities completely for free by requesting 14 days of a free trial.


This Cyber News was published on gbhackers.com. Publication date: Thu, 14 Dec 2023 17:13:07 +0000

