Hackers are finding ways to bypass sandboxes and sneak in their malware, so some vendors are creating new approaches to counter them.
Sandboxing adds an extra layer of protection, diverting untrusted files or programs from unverified third parties, suppliers, or websites into a separate, secure environment where they can be inspected for malicious code. Based on that inspection, the attachments, files or applications are either allowed to enter or rejected from moving further into the network.
Attackers know larger companies and government agencies have sandboxes, so they are coming up with evasion techniques. “They will write malware to check first to see if it is running on a real PC or a VM. If it is not running on a PC, they won’t execute the malware. So it doesn’t show up in a sandbox," says Andy Feit, head of threat prevention marketing with Check Point Technologies.