One Article Review

Home - The article:
Source AlienVault Blog
Identifier 1195389
Publication date 2019-07-09 13:00:00 (viewed: 2019-07-09 16:00:31)
Title A peek into malware analysis tools
Text Learn about malware analysis and the tools you should consider.

So, what is malware analysis and why should I care?

With the commercialization of cybercrime, malware variations continue to increase at an alarming rate, and this is putting many a defender on their back foot. Malware analysis — the basis for understanding the inner workings and intentions of malicious programs — has grown into a complex mix of technologies in data science and human interpretation. This has made the cost of maintaining a malware analysis program generally out of reach for the average organization. And the era of “big data” that we’re currently in isn’t making things any easier.

At AT&T Cybersecurity, for example, our AT&T Alien Labs threat intelligence unit analyzes a ton of threat data coming in from the AT&T IP network, our threat-sharing community of 100,000 security professionals (Open Threat Exchange, or OTX), and our global sensor network. To give you an idea of the scale, in a single day:

- More than 200+ petabytes of traffic cross the AT&T network, including 100 billion probes for potential vulnerabilities
- Open Threat Exchange (OTX) users publish around 47,000 contributions of threat data to the platform
- Alien Labs collects twenty million threat observations and analyzes more than 370,000 malware samples and 400,000 suspicious URLs collected via our global sensor network

To get through all of this big data, Alien Labs uses multiple layers of analytics and machine learning, including a variety of malware analysis tools. With these tools, we can quickly perform threat artifact assessment (i.e. is this a false alarm or a true threat?), threat indicator extraction and expansion, behavioral analysis, malware clustering and more. Essentially, we’re filtering through the noise of big data so our threat researchers can more quickly validate, evaluate and interpret that information and turn it into the enriched, tactical threat intelligence that drives our approach to threat detection and response.

Malware analysis tools and techniques

As a broad overview (and I do mean broad), the various tools used for malware detection and analysis fall into three categories: static analysis, dynamic analysis, and hybrid analysis.

Static analysis is the process of analyzing a malware sample without actually running the code. It is done through a variety of techniques, including signature-based and heuristic-based techniques. For example, using a signature-based detection technique, the malware detector looks for a known pattern in the signatures (the bit sequence injected into the application program by the malware writers that uniquely identifies a particular piece of malware). Heuristic detection takes this one step further. In this technique, instead of looking for a particular, known signature, the malware detector searches for commands and instructions that are not normally present in the application program. Because heuristic detection is not based on a specific signature being known at a single point in time, it becomes easier to detect new variants of malware that have not yet been identified. Two heuristic techniques are file-based analysis (looking for commands to delete or harm other files) and generic signature analysis (variants of known, malicious signatures). Other examples include looking for malicious, obfuscated JavaScript contained within a PDF file or malicious VBA code.

Dynamic analysis involves running the malware sample and observing its behavior on a system in order to understand the infection and how to stop it from spreading to other systems. The system is set up in a closed, isolated virtual environment — a virtual machine or “sandbox.”
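The two static techniques described above, side by side, as an added example that is not code from the AT&T Alien Labs post: an exact byte-signature match, and a weighted heuristic for the "obfuscated JavaScript inside a PDF" case. The signature values, the regexes, the weights and threshold, and the two sample PDFs are all constructed for illustration.

```python
# Added example (not the AT&T Alien Labs post's own code): a toy static scanner that
# combines a signature check with a heuristic check, as the article describes.
# Signatures and sample files are constructed for illustration.
import re

# "Signatures": byte sequences that identify a known sample (constructed values,
# not real malware signatures).
SIGNATURES = {
    "Demo.Dropper.A": b"\x4d\x5a\x90\x00DEMO-DROPPER",
    "Demo.PdfExploit.B": b"/JS (app.alert(1))",
}

# Heuristic indicators for JavaScript hidden in a PDF: each is a regex with a
# weight; no single one is proof of malice, which is the point of heuristics.
PDF_JS_HEURISTICS = [
    (re.compile(rb"/JavaScript|/JS\b"), 2, "embedded JavaScript action"),
    (re.compile(rb"/OpenAction|/AA\b"), 2, "script runs on open"),
    (re.compile(rb"eval\s*\(|unescape\s*\(|String\.fromCharCode"), 3, "obfuscation primitive"),
    (re.compile(rb"(%u[0-9a-fA-F]{4}){8,}"), 3, "long escaped-unicode blob"),
]

def signature_scan(data: bytes):
    """Return the names of known signatures found in data (exact byte match)."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def heuristic_scan(data: bytes, threshold: int = 4):
    """Return (flagged, score, reasons); only PDF files are examined here."""
    if not data.startswith(b"%PDF"):
        return False, 0, []
    score, reasons = 0, []
    for rx, weight, why in PDF_JS_HEURISTICS:
        if rx.search(data):
            score += weight
            reasons.append(why)
    return score >= threshold, score, reasons

def static_verdict(data: bytes):
    """A signature hit is definitive; otherwise fall back to the heuristics."""
    sigs = signature_scan(data)
    if sigs:
        return "known-malicious", sigs
    flagged, _score, reasons = heuristic_scan(data)
    return ("suspicious" if flagged else "clean"), reasons

# Constructed inputs: a PDF with no script, and one whose JavaScript is
# obfuscated and set to run when the document opens.
BENIGN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
OBFUSCATED_PDF = (b"%PDF-1.7\n1 0 obj << /OpenAction 2 0 R >> endobj\n"
                  b"2 0 obj << /S /JavaScript /JS (eval(unescape('%u9090%u9090%u9090%u9090"
                  b"%u9090%u9090%u9090%u9090'))) >> endobj\n")
```

The benign file scores 0 and the obfuscated one trips all four indicators, while a non-PDF input is skipped by the heuristic path entirely.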
Sent Yes
Tags Malware Tool Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been taken from an earlier one.