Rahul Kashyap, chief security architect of Bromium, stated: "Outlined threat vectors sandboxes could not effectively block in a Pen-Tester's Perspective". This is not to say that these sandboxes do not work; the point is that people treat sandboxes as fail-proof, so other security measures are often not considered.
It is as if a deadbolt lock on the front door of your home were expected to keep everyone out. Even with a home security alarm installed, burglars can still get in and rob you.
Bromium Labs grouped these attacks into two categories:
- Attacks that bypass the sandbox completely
- Attacks that succeed without breaking out of the sandbox
The bypass techniques focus on exposing weaknesses in the Windows OS and in the sandbox itself. The second category covers post-exploitation scenarios that work from inside the sandbox, such as keylogging, remote access, hijacking content, screen scraping, stealing files, and reaching network shares.
IT and network administrators should not rely completely on sandboxes. They should continue to apply other security controls to protect systems from vulnerabilities. Executing malware within a sandbox is not safe, because malware is sophisticated enough to do severe damage to systems.
Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.
Source: "Application Sandboxes Won't Stop Advanced Attacks: Research", Security Week, July 24, 2013
Be sure to follow us on Twitter at @hyphenet or "Like" us on Facebook to stay up-to-date on the latest security threats.