Monday, February 16, 2026

Check Point Research Introduces New Password-Independent Prevention Engine to Block Malware Hidden in Encrypted ZIP Files


Check Point Research has drawn attention to an evasion tactic that threat actors are using more and more often: malware is delivered inside a password-protected ZIP archive, and the password is sent separately over an out-of-band channel such as SMS or a messaging service. The tactic works because most security software cannot inspect the contents of an encrypted archive without the password, so a payload that would otherwise be blocked passes through "hidden". To address this, Check Point has introduced the Encrypted Archive Engine, a capability that lets organizations detect and block malicious ZIP files without requiring their password. Instead of opening the archive, the engine draws on historical data and behavioral analysis from ThreatCloud AI's intelligence databases to examine what stays visible: structural patterns, metadata indicators and the delivery context. That allows it to stop a threat at the perimeter, before it reaches an endpoint, even when the payload itself is encrypted. Check Point cites a real-world Anubis ransomware attack as an example: the ransomware arrived in a password-protected ZIP file with the password provided separately, and the archive was identified and blocked at the perimeter before any enterprise data was lost.
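The metadata such an engine can work from is ordinary ZIP structure, and it is worth seeing concretely what stays visible without the password. The Python example below is added here for illustration; it is not Check Point's code and does not reproduce the Encrypted Archive Engine or ThreatCloud AI. It hand-builds a password-protected ZIP (the encrypted payload is constructed placeholder bytes, and the extension lists and blocking rule are assumptions chosen for the example), then reads only the central directory to show that a scanner still sees every inner filename, its size and CRC, the encryption flag and the encryption method (traditional ZipCrypto versus WinZip AES, method 99), while an attempt to read the actual content is refused.

```python
import io
import os
import struct
import zipfile
import zlib

# Illustrative lists (assumptions for this example, not a product's rule set).
EXECUTABLE_EXT = {".exe", ".scr", ".dll", ".msi", ".js", ".jse", ".vbs", ".wsf",
                  ".hta", ".lnk", ".bat", ".cmd", ".ps1", ".iso", ".img"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

# WinZip AES extra field (header id 0x9901): AE-2, vendor "AE", AES-256, deflate inside.
AES_EXTRA = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)


def build_zip(entries, encrypted=True):
    """Hand-build a minimal ZIP with stored entries.

    entries: list of (filename, payload_bytes, use_aes). With encrypted=True the
    general-purpose flag bit 0 is set and AES entries use method 99 plus the AES
    extra field. The payload is constructed placeholder bytes standing in for
    ciphertext; the central directory (names, sizes, CRCs, flags, method) is
    written in cleartext exactly as real tools do, because the format requires it.
    """
    local, central = io.BytesIO(), io.BytesIO()
    for name, payload, use_aes in entries:
        name_b = name.encode("ascii")
        flags = 0x0001 if encrypted else 0
        method = 99 if (encrypted and use_aes) else 0
        extra = AES_EXTRA if (encrypted and use_aes) else b""
        crc = zlib.crc32(payload)
        # placeholder encryption header followed by the (placeholder) ciphertext
        body = (b"\x00" * 12 + payload) if encrypted else payload
        offset = local.tell()
        local.write(struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, method, 0, 0x21,
                                crc, len(body), len(payload), len(name_b), len(extra)))
        local.write(name_b + extra + body)
        central.write(struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, method,
                                  0, 0x21, crc, len(body), len(payload), len(name_b),
                                  len(extra), 0, 0, 0, 0, offset))
        central.write(name_b + extra)
    cd, cd_offset = central.getvalue(), local.tell()
    local.write(cd)
    local.write(struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries), len(entries),
                            len(cd), cd_offset, 0))
    return local.getvalue()


def inspect_archive(data):
    """Read only the central directory; no password is supplied at any point."""
    report = {"entries": [], "indicators": [], "opaque_entries": 0}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            encrypted = bool(info.flag_bits & 0x0001)   # general-purpose flag bit 0
            aes = info.compress_type == 99               # WinZip AES marker method
            stem, ext = os.path.splitext(name)
            inner_ext = os.path.splitext(stem)[1].lower()
            ext = ext.lower()
            report["entries"].append({"name": name, "encrypted": encrypted, "aes": aes,
                                      "size": info.file_size, "crc": info.CRC})
            if not encrypted:
                continue
            try:                    # prove the content itself is opaque to us
                with zf.open(info) as fh:
                    fh.read(1)
            except RuntimeError:    # zipfile: "password required for extraction"
                report["opaque_entries"] += 1
            if ext in EXECUTABLE_EXT:
                report["indicators"].append(f"encrypted executable: {name}")
                if inner_ext in DOCUMENT_EXT:
                    report["indicators"].append(f"double extension: {name}")
    return report


def verdict(report):
    """Block when an encrypted entry is executable content; metadata alone decides."""
    return "block" if any(i.startswith("encrypted executable")
                          for i in report["indicators"]) else "allow"


if __name__ == "__main__":
    lure = build_zip([("Invoice_2026.pdf.exe", b"\xde\xad\xbe\xef" * 16, False)])
    report = inspect_archive(lure)
    print(report, verdict(report))
```

The point the example makes is the same one the engine relies on: ZIP encryption covers entry data, not the directory. ZipCrypto and WinZip AES both leave filenames, sizes, CRCs and flags readable, so an archive whose only encrypted member is `Invoice_2026.pdf.exe` can be blocked without ever learning the password, while an encrypted `notes.txt` is let through. A production engine layers far more on top (delivery context, sender history, archive-builder fingerprints), but that layering starts from exactly this cleartext.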


The announcement underlines the need for proactive, password-independent inspection of archives, given how readily attackers adapt their tactics to sidestep traditional controls. By judging encrypted archives on structural and contextual signals rather than on their decrypted contents, the Encrypted Archive Engine gives defenders a way to stay ahead of this class of evasive threat. It also shows that splitting the kill chain, here by separating the payload from the password that unlocks it, does not by itself defeat detection: advanced threat protection can still recognize malicious intent from how the archive is built and delivered. That matters most for enterprises facing ransomware and advanced persistent threat groups that combine social engineering with delivery-channel obfuscation to gain a foothold in a network, and it makes next-generation inspection and AI-powered pattern analysis necessary components of the defense against malware-laden encrypted archives.

Read More: Unzipping the Threat: How to Block Malware Hidden in Password-Protected ZIP Files
