THE ADVENTURES OF AV AND THE LEAKY SANDBOX presented at blackhat 2017

by Itzik Kotler, Amit Klein,

Summary : Everyone loves cloud-AV. It incorporates up-to-date intelligence from multiple global sources ("wisdom of the clouds"), and (in theory) it has small footprint. There's simply no downside in moving to cloud-AV, right? Consider a high-security enterprise with strict egress filtering, that is - endpoints have no direct Internet connection, or the endpoints' connection to the Internet is restricted to hosts used by their legitimately installed software. Let's say there's malware running on one of the endpoints with all the privileges it needs. This is bad of course, but thankfully, the last line of defense is there - the malware can't really exfiltrate data to the Internet, due to the strict Internet connection policy enforcement.
Now, let's also assume that this enterprise has cloud-enhanced anti-virus (AV) agents installed on its endpoints. You'd think that this can only improve the security of the enterprise. You'd argue that if malware is already running on the endpoint with full privileges, then an AV agent can't degrade the security of the endpoint. And you'd be completely wrong.
In this presentation, we describe and demonstrate a novel technique for exfiltrating data from highly secure enterprises whose endpoints have no direct Internet connection, or whose endpoints' connection to the Internet is restricted to hosts used by their legitimately installed software. Assuming the endpoint has a cloud-enhanced antivirus product installed, we show that if the anti-virus product employs an Internet-connected sandbox in its cloud, it in fact facilitates such exfiltration. We release the tool we developed to implement the exfiltration technique, and we provide real-world results from several prominent AV products. We also provide data and insights on those AV in-the-cloud sandboxes. Finally, we address the issues of how to further enhance the attack, and how can cloud-based AV vendors mitigate it.