Quick Heal® Technologies Uncovers New Malware Breach Impacting Sandbox-Based Gateway Appliances


Quick Heal Recommends Multiple Layers of Threat Protection to Safeguard Enterprise Networks; Offers Complimentary Report on Findings


Quick Heal Technologies today announced its research labs have come across a new malware sample that is able to breach the advanced threat protection offered by sandbox-based gateway appliances. According to the lab’s findings, the malware can successfully work its way around a sandbox gateway appliance to reach a user’s email inbox without detection.

Discovered by Quick Heal Research Labs last month, the malware, named APT-QH-4AG15, was first detected in the Philippines, where it targeted the country’s financial institutions. Quick Heal’s detailed analysis of the sample shows that it was designed to infect highly protected networks and that it implements several anti-virtual-machine and anti-sandbox techniques to avoid being observed.

“Our global reach allows us to identify advanced persistent threats (APT) such as this one in all corners of the globe, with a goal of catching them just as they emerge and containing them before they spread,” said Sanjay Katkar, CTO, Quick Heal Technologies. “Our initial findings have taught us that even the most advanced sandbox-based appliance protection can be breached. As a result, enterprises need to consider and implement multiple layers of protection to safeguard their networks.”

While the network breaches of the last few years have raised concerns about the effectiveness of endpoint security protection, future breaches are also sure to raise questions about the reliability of sandbox gateway appliances for preventing APTs, Katkar added.

According to a post on the Quick Heal blog, over the past few years spear phishing attacks via highly targeted messages have been the primary attack vector of successful data breaches, and more than 90% of attacks on enterprise networks are the result of spear phishing methods. This has led to the rise of sandbox-based gateway appliances, which offer advanced malware detection for incoming emails. These easy-to-use solutions launch incoming email attachments in a secure virtual environment to monitor their runtime behavior. If any malicious activity is detected, a red flag is raised. Through use of this technology, many zero-day APTs and other threats have been detected and blocked, Katkar noted.

“The early success of many sandbox-based appliances can be attributed to the fact that malware variants were never designed with such protection mechanisms in mind,” Katkar said. “Instead, these samples were focused toward breaching traditional antivirus and firewall solutions. This enabled them to breach traditional security solutions with zero-day attacks very frequently. But now that the use of these APT sandbox-based appliances is on the rise in the enterprise, new malware variants are being designed with the aim of penetrating this specific protection mechanism.”

Quick Heal experts advise that threat protection is an ongoing process, and that unwavering vigilance is a necessity because new threats are always on the horizon. According to Farokh Karani, Director - North America, Sales and Channels, Quick Heal Technologies, “The best defense is layers of robust protection – from the network to the endpoints and across all mobile devices, with continuous updates made to ensure that all levels of protection are current. For small to midsize enterprises (SME), working closely with IT service providers who are well versed in the latest threat protection strategies and solutions will add a strong measure of added protection as well.”

In addition to the blog post, a report describing the company’s initial findings is available as a complimentary download on the Quick Heal website.

Earlier this year, Quick Heal announced the immediate availability of its SEQRITE line of data security solutions in North America. SEQRITE addresses North America’s SME market with comprehensive endpoint, network and mobile security solutions for the prevention of internal and external threats, attacks and malicious viruses.

Resellers interested in becoming a Quick Heal/SEQRITE partner can call 855-978-6117, email us.sales@seqrite.com, or visit the Quick Heal partner page. For more information on Quick Heal, visit http://www.quickheal.com.

SEQRITE is the enterprise security brand of Quick Heal Technologies Pvt. Ltd. Sold in North America exclusively through qualified channel partners, the comprehensive SEQRITE data security product line specifically targets small to midsize enterprises and is designed to simplify security management across endpoints, mobile devices and networks. SEQRITE is built around the Quick Heal AV engine, which is internationally certified by OPSWAT, Checkmark, ICSA Labs, AV-Comparatives and other recognized organizations. For more information visit http://www.seqrite.com.


Contact Author

Paula Johns
Paula Johns Communications
+1 (760) 522-0941