Kaspersky Research Sandbox 3.0: more power, less hardware


Tahawul Tech, 11-04-2025
Kaspersky has launched a major update to Kaspersky Research Sandbox, introducing version 3.0 with advanced capabilities for deeper file analysis, interactive threat investigation, and significantly reduced hardware requirements.
Designed for security teams and threat researchers, the enhanced solution provides more flexibility, efficiency, and cost-effectiveness in detecting and analysing modern cyber threats.
Kaspersky Research Sandbox has been developed directly out of the company's in-lab sandboxing complex, a technology that's been evolving for over two decades. It incorporates all the knowledge about malware behaviours acquired through continuous threat research, allowing Kaspersky to detect over 400,000 new malicious objects every day.
One of the key advancements in Kaspersky Research Sandbox 3.0 is the introduction of visual interaction during sample detonation (VNC). This feature enables security analysts to interact with the execution environment in real time, monitor malware behaviour as it unfolds, and run investigation tools to uncover additional threat details. This deeper level of analysis enhances the ability to detect sophisticated threats that adapt to traditional sandboxing methods.
The updated sandbox now also offers the option to work with Kaspersky Security Network (KSN) as an alternative to Kaspersky Private Security Network (KPSN). This flexibility provides a more cost-effective and faster deployment option, which is particularly useful for pilot projects. Additionally, this change reduces hardware requirements by half, making the solution more accessible for organizations with limited resources.
To address the growing use of obfuscation techniques in modern attacks, Kaspersky Research Sandbox 3.0 now incorporates Microsoft AMSI (Antimalware Scan Interface) output. This integration significantly improves detection of packed and obfuscated scripts, including malicious PowerShell activity, a tactic increasingly exploited by threat actors.
Further improving threat intelligence capabilities, the update introduces extended static analysis. By examining key file attributes such as strings, headers, sections, import and export tables and entropy graphs for executable files, analysts gain critical insights into malware characteristics, even for operating systems not yet supported for dynamic analysis, such as macOS.
Alongside these technological enhancements, the user interface has been completely redesigned to improve usability and streamline the research process. The enhanced System Activities page now offers improved visualisation, allowing analysts to filter reports and focus only on relevant malicious processes. The History table search function makes it easier to retrieve previous analysis results, helping security teams quickly resume investigations.
'With Kaspersky Research Sandbox 3.0, we're providing security teams with even more extensive analysis capabilities, greater visibility and control over malware behaviour and a significantly decreased entry threshold for organisations with limited hardware resources. Built on over two decades of malware research, Kaspersky Research Sandbox combines our deep threat analysis expertise with cutting-edge technology. It empowers security teams with a professional interactive malware investigation tool with even deeper analysis and optimised performance – now with twice lowered hardware requirements', comments Boris Storonkin, Threat Intelligence Product Manager at Kaspersky.
For more information about Kaspersky Research Sandbox 3.0, please visit the link.

Related Articles

Kaspersky shares tips for safer remote working
Tahawul Tech, 24 minutes ago

It is holiday season in many parts of the world. These days, though, going on holiday does not always mean turning your back on office life: hybrid work cuts both ways. Today's widespread connectivity (available at airports, train stations, restaurants, hotels, and most indoor public spaces) makes staying connected easier than ever, with free Wi-Fi in many locations and reliable 4G or 5G coverage elsewhere, facilitating a seamless blend of work and leisure even while on holiday.

This increase in connectivity among travellers has not gone unnoticed by cyber criminals. Kaspersky experts analysed nearly 25,000 free Wi-Fi spots in Paris ahead of the Summer Olympic Games and Paralympic Games. The analysis revealed that almost 25% of these networks had weak or no encryption, making users vulnerable to personal and banking data theft.

Travellers often have their guard down. The unfamiliar surroundings of a new location or a different language can throw up a useful smokescreen for a cyberattack, meaning additional care needs to be taken when logging on. Fortunately, a few smart tools and habits can help you stay protected while enjoying the flexibility of remote work.

Use a VPN for secure connections

A VPN is one of the most effective ways to safeguard users' online activity, especially when working from unfamiliar locations. By encrypting internet traffic, a VPN ensures that hackers can't intercept sensitive data like login credentials or financial details. This is particularly important when accessing work emails or company files on public Wi-Fi, where cybercriminals often lurk.

Switch to an eSIM for reliable, secure mobile data

Another useful digital tool is the eSIM, which provides a seamless way to stay connected using local mobile networks with no physical SIM card required. This is a game-changer for international travellers who want to avoid sky-high roaming charges or the hassle of hunting down temporary SIM cards in foreign countries.

With an eSIM, you can download a local data plan before you even arrive at your destination, ensuring instant connectivity the moment you land. This eliminates the need to rely on unsecured Wi-Fi hotspots, significantly reducing your exposure to cyber threats. Plus, many eSIM providers allow you to manage multiple profiles on a single device, making it easy to switch between work and personal data plans without juggling multiple phones. Services like Kaspersky eSIM Store enable users to purchase and activate data plans in advance, track usage and top up as needed, all from a single app.

Enable two-factor authentication (2FA)

When travelling, people often leave devices unattended. To protect against unwanted people logging in, travellers should ensure two-factor authentication (2FA) is enabled on all critical accounts and that passwords are used on all devices.

Final tips for a secure summer workcation

Even with a VPN, eSIM and 2FA in place, your devices still need strong defences against malware, phishing scams and ransomware. Cybercriminals often target remote workers who may let their guard down while travelling, making real-time protection essential. Modern antivirus software does more than just scan for viruses: it actively blocks malicious downloads, warns you about phishing attempts and even secures your passwords and financial data. For the most robust security, consider a solution like Kaspersky Premium, which combines antivirus protection, a VPN and password management into a single, easy-to-use package.

By combining a VPN, eSIM and strong antivirus, you can work from anywhere with confidence, whether you're sending emails from a poolside or joining a video call from a festival tent. For more expert advice on remote work safety, explore Kaspersky's Remote Work Security Guide.

Kaspersky uncovers Efimer trojan delivered via phishing emails
Tahawul Tech, 6 hours ago

According to Kaspersky Security Network, between October 2024 and July 2025, over 5,000 users, both individuals and organisations, fell victim to the Efimer trojan. The malware was particularly impactful in Brazil, affecting around 1,500 victims. These attacks also targeted users in India, Spain, Russia, Italy, and Germany.

Kaspersky has discovered a rapidly escalating malicious campaign targeting corporate users with Efimer, a trojan designed to steal and replace cryptocurrency wallet addresses. Initial versions of Efimer appeared in October 2024 and were distributed through compromised WordPress websites. However, in June 2025, the malware began spreading via phishing emails as well. Disguised as a legal firm, the attackers send emails threatening recipients with lawsuits over alleged domain name patent violations to trick them into downloading the malware. This approach allows Efimer to build its own malicious infrastructure and continue spreading to new devices.

'This Trojan is notable for its dual approach to spreading — targeting both individual users and corporate environments with different tactics. For private users, attackers use torrent files pretending to be popular movies to lure victims, while in corporate settings, they rely on fraudulent emails containing legal threats. Crucially, in both cases, compromise only occurs if the user actively downloads and executes the malicious file,' explains Artyom Ushkov, threat researcher at Kaspersky.

Kaspersky recommends the following to corporate and individual users:

  • Refrain from downloading torrent files from unknown or untrusted sources.
  • Carefully verify the legitimacy of email senders and ensure antivirus databases are regularly updated.
  • Avoid clicking on links or opening attachments in unsolicited or spam emails to reduce the risk of malware infection.
  • Stick to best practice, including regular software updates, enforcing strong passwords and two-factor authentication, as well as continuous monitoring for signs of compromise.
  • Install a trusted security solution and follow its recommendations. Security solutions will solve the majority of problems automatically and send alerts.
  • For developers and website administrators: implementing robust security measures to protect their infrastructure from unauthorised access and malware propagation is essential.

Find the full report on

Kaspersky warns of rising Efimer trojan attacks on crypto users
Gulf Business, a day ago

Kaspersky Security Network has reported that between October 2024 and July 2025, more than 5,000 users, including both individuals and organisations, were targeted by the Efimer trojan, a malicious program designed to steal and replace cryptocurrency wallet addresses. The campaign was particularly damaging in Brazil, which saw approximately 1,500 victims, but also impacted users in India, Spain, Russia, Italy, and Germany.

Initially detected in October 2024, early versions of Efimer were spread through compromised WordPress websites. By June 2025, attackers had expanded their methods, distributing the malware via phishing emails. These emails, disguised as correspondence from a legal firm, threatened recipients with lawsuits over alleged domain name patent violations to pressure them into downloading malicious files.

'This Trojan is notable for its dual approach to spreading — targeting both individual users and corporate environments with different tactics. For private users, attackers use torrent files pretending to be popular movies to lure victims, while in corporate settings, they rely on fraudulent emails containing legal threats. Crucially, in both cases, compromise only occurs if the user actively downloads and executes the malicious file,' explained Artyom Ushkov, threat researcher at Kaspersky.

Kaspersky advises both corporate and individual users to avoid downloading torrent files from unverified sources, verify the legitimacy of email senders, and keep antivirus databases up to date. Users should also refrain from clicking on links or opening attachments in unsolicited emails, ensure software is regularly updated, enforce strong passwords and two-factor authentication, and continuously monitor for potential compromises. Installing a trusted security solution and following its recommendations can automatically mitigate most threats.

For developers and website administrators, Kaspersky recommends implementing strong security measures to prevent unauthorised access and stop malware from propagating through their infrastructure. The full report is available on
