News | September 1, 2015

Quick Heal Technologies Uncovers New Malware Breach Impacting Sandbox-Based Gateway Appliances

Quick Heal Recommends Multiple Layers of Threat Protection to Safeguard Enterprise Networks; Offers Complimentary Report on Findings

Quick Heal Technologies recently announced that its research labs have come across a new malware sample that is able to breach the advanced threat protection offered by sandbox-based gateway appliances. According to the lab’s findings, the malware can successfully work its way around a sandbox gateway appliance and reach a user’s email inbox without being detected.

Discovered by Quick Heal Research Labs last month, the malware, named APT-QH-4AG15, was first detected in the Philippines, where it targeted the country’s financial institutions. Detailed analysis of the malware sample by Quick Heal reveals that it has been designed to infect highly protected networks, with several anti-virtual machine and anti-sandbox schemes implemented within it.

“Our global reach allows us to identify advanced persistent threats (APT) such as this one in all corners of the globe, with a goal of catching them just as they emerge and containing them before they spread,” said Sanjay Katkar, CTO, Quick Heal Technologies. “Our initial findings have taught us that even the most advanced sandbox-based appliance protection can be breached. As a result, enterprises need to consider and implement multiple layers of protection to safeguard their networks.”

While the network breaches of the last few years have raised concerns about the effectiveness of endpoint security protection, future breaches are also sure to raise questions about the reliability of sandbox gateway appliances for preventing APTs, Katkar added.

According to a post on the Quick Heal blog, over the past few years spear phishing attacks via highly targeted messages have been the primary attack vector of successful data breaches, and more than 90% of attacks on enterprise networks are the result of spear phishing methods. This has led to the rise of sandbox-based gateway appliances, which offer advanced malware detection for incoming emails. These easy-to-use solutions launch incoming email attachments in a secure virtual environment to monitor their runtime behavior. If any malicious activity is detected, a red flag is raised. Through use of this technology, many zero-day APTs and other threats have been detected and blocked, Katkar noted.

“The early success of many sandbox-based appliances can be attributed to the fact that malware variants were never designed with such protection mechanisms in mind,” Katkar said. “Instead, these samples were focused toward breaching traditional antivirus and firewall solutions. This enabled them to breach traditional security solutions with zero-day attacks very frequently. But now that the use of these APT sandbox-based appliances is on the rise in the enterprise, new malware variants are being designed with the aim of penetrating this specific protection mechanism.”

Quick Heal experts advise that threat protection is an ongoing process, and that unwavering vigilance is a necessity because new threats are always on the horizon. According to Farokh Karani, Director - North America, Sales and Channels, Quick Heal Technologies, “The best defense is layers of robust protection – from the network to the endpoints and across all mobile devices, with continuous updates made to ensure that all levels of protection are current. For small to midsize enterprises (SME), working closely with IT service providers who are well versed in the latest threat protection strategies and solutions will add a strong measure of added protection as well.”

Earlier this year, Quick Heal announced the immediate availability of its SEQRITE™ line of data security solutions in North America. SEQRITE addresses North America’s SME market with comprehensive endpoint, network and mobile security solutions for the prevention of internal and external threats, attacks and malicious viruses.

For more information on Quick Heal, visit

SEQRITE is the enterprise security brand of Quick Heal Technologies Pvt. Ltd. Sold in North America exclusively through qualified channel partners, the comprehensive SEQRITE data security product line specifically targets small to midsize enterprises and is designed to simplify security management across endpoints, mobile devices and networks. SEQRITE is built around the Quick Heal AV engine, which is internationally certified by OPSWAT, Checkmark, ICSA Labs, AV-Comparatives and other recognized organizations. For more information, visit

Source: Quick Heal Technologies