The Attack
Attackers are gaining more time between the initial malware attack and detection. Sandbox detection is not a new tactic among malware authors, but it is becoming more commonplace: many varieties of malware can detect that they are running inside a malware sandbox system and evade detection. Online, cloud-based services are also available for hackers who wish to test their malware against all the latest versions of antivirus software. In addition to making their malware as stealthy as possible, hackers use stolen credentials to act as legitimate users, which makes them even more difficult to find.
Tip: Organizations can no longer focus on finding the single origin of a breach. With hackers' ability to easily evade malware detection and switch identities once inside a network, it's useless to monitor the endpoint. Instead of looking for the initial attack, security teams must focus on what happens once attackers are inside.