[BreachExchange] Get ahead of the next global ransomware attack with advanced threat protection

Audrey McNeil audrey at riskbasedsecurity.com
Tue Aug 15 19:55:57 EDT 2017


http://www.cbronline.com/news/cybersecurity/protection/get-ahead-next-global-ransomware-attack-advanced-threat-protection/

Ransomware has taken the world by surprise in the first half of this year,
cementing itself as a major global threat.

Attacks like Wannacry and Petya, which we classify as ransomworms rather
than ransomware due to their ability to spread rapidly, had catastrophic
repercussions all over the globe and did not discriminate when it came to
industry.

Starting with Wannacry, the attack demonstrated that far too many
organisations did not have effective security protocols in place, and did
not take note of the importance of cybersecurity until after the fact. This
particular strain of ransomworm took advantage of a vulnerability that had
been patched two months earlier by Microsoft, yet many organisations had
not updated their machines.

Adding insult to injury, when Petya was launched just weeks later – using
the exact same exploit as Wannacry – organisations still found themselves
affected, despite the global attention Wannacry received.

Cybercriminals are always searching for new targets and an easy entry
point, and this Microsoft exploit provided the perfect honey pot for them to
target these organisations and to spread their malware. Making matters
worse, these two attacks could've easily been mitigated if said
organisations had simply followed some relatively simple security
processes: patching and updating.

Ransomware as a service is now a thing

Ransomware attacks will only become more prolific as Ransomware as a
Service (RaaS) gains traction on the dark web. Everyday people can now buy
malware and distribute it as they see fit. Only adding to the problem is
that ransomware is becoming more and more sophisticated in nature.
Cybercriminals are constantly updating and releasing new iterations of code
with the goal of outsmarting the latest security features. As such, it has
never been more important for security teams to reiterate the importance of
basic security practices to the wider organisation. Taking a proactive
approach to security to anticipate tactics that hackers might use will
minimise the impact of any breach. So, where do you start?

Easily the best place to begin is to stress the importance of effective
cyber hygiene. This involves ensuring your operating systems are kept up to
date; regularly applying security patches means any weak point in your
ecosystem is covered before it can be targeted maliciously. Without these
basic processes in place, any additional security efforts will be hampered,
meaning any additional layers of security need to work with a valid and
up-to-date IT infrastructure to mitigate threats. Basic cyber hygiene is a
must, but additional preparation is key, and new advanced threat protection
measures can really help you stay ahead of cybercriminals.

Leaving the next ransomware attack in the sandbox

One method to combat the next big threat is sandboxing. This involves
isolating code in a virtual environment where it can be executed and
tested before entering your main network ecosystem. If any malicious
software is detected, it is segregated from doing any harm.

Unfortunately, cybercriminals are working harder than ever and have created
code that is able to detect a sandbox, and disguise itself until it has
been cleared onto the network. As such, security must now detect this kind
of code too. This is where advanced threat protection comes into its
element. ATP is able to prepare for the next generation of ransomware
attack by proactively detecting certain signatures and behaviours that
would suggest malicious intent. Signature detection is able to monitor
for an exact match of known malicious code.

However, it's worth noting that with thousands of variations of the same
code which are able to sneak past these systems, newer pattern recognition
systems are required to form a stronger defence. For example, pattern
recognition technology can distinguish over 50,000 code variations within a
malware family and, as such, stop them from infecting a network. With this
level of coverage, malicious code is truly up against it in order to sneak
into the organisation's network. It isn't as simple as it seems:
recognising code is one thing, but being able to analyse and detect code
that is searching to see if it is in a sandbox environment is more
difficult. By spotting malicious code of this nature, it's possible to
render evasion technology irrelevant.
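The contrast the article draws between exact-match signatures and pattern recognition over a malware family can be shown concretely. The example below is added here and is not code from the article or from any vendor's product; it constructs a short byte sequence standing in for a family's code, derives several "variants" that differ at the bytes a repack or recompile would change, and runs both a SHA-256 exact signature and a wildcard byte pattern over them. The `??` wildcard syntax is an assumption modelled on common hex-pattern conventions, and the sample bytes are constructed for the demo, not taken from real malware.

```python
"""Exact-match signatures versus wildcard patterns over mutated samples."""
import hashlib
import re

# Constructed stand-in for a malware family's code: a fixed "core" with a few
# bytes that vary between builds. These are arbitrary demo bytes, not real code.
FAMILY_CORE = bytes.fromhex(
    "4d5a9000" "03000000" "04000000" "ffff0000" "b8000000" "deadbeef"
)

# Offsets that differ between family members in this constructed sample set.
VARIABLE_OFFSETS = (2, 3, 8, 9, 16)

# Exact signature: the hash of the one sample the analyst has already seen.
KNOWN_HASHES = {hashlib.sha256(FAMILY_CORE).hexdigest()}

# Family pattern: fixed bytes where the family is stable, "??" where builds
# differ. Assumed syntax: space-separated hex bytes, "??" matches any byte.
FAMILY_PATTERN = (
    "4d 5a ?? ?? 03 00 00 00 ?? ?? 00 00 ff ff 00 00 ?? 00 00 00 de ad be ef"
)


def make_variant(seed: int) -> bytes:
    """Derive a constructed family member by rewriting the variable offsets."""
    buf = bytearray(FAMILY_CORE)
    for i, off in enumerate(VARIABLE_OFFSETS):
        buf[off] = (seed * 31 + i * 7) & 0xFF
    return bytes(buf)


def exact_match(sample: bytes) -> bool:
    """Signature detection: flag only byte-for-byte known samples."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_HASHES


def compile_pattern(hex_pattern: str) -> re.Pattern:
    """Translate a hex pattern with ?? wildcards into a bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # any single byte (DOTALL makes "." match \n)
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def pattern_match(sample: bytes, pattern: re.Pattern) -> bool:
    """Pattern detection: flag any sample containing the family's stable bytes."""
    return pattern.search(sample) is not None


def scan(samples, pattern: re.Pattern) -> dict:
    """Count how many samples each detection method flags."""
    counts = {"exact": 0, "pattern": 0}
    for sample in samples:
        counts["exact"] += int(exact_match(sample))
        counts["pattern"] += int(pattern_match(sample, pattern))
    return counts


if __name__ == "__main__":
    family = [FAMILY_CORE] + [make_variant(seed) for seed in range(1, 6)]
    benign = b"MZ" + b"\x00" * 22  # constructed benign file: shares the MZ prefix only
    compiled = compile_pattern(FAMILY_PATTERN)
    for sample in family + [benign]:
        print(sample.hex(), exact_match(sample), pattern_match(sample, compiled))
    print(scan(family + [benign], compiled))
```

Of the six constructed family members, the exact signature catches only the one it was derived from, while the pattern catches all six and still leaves the benign file alone; that gap is what the article's "thousands of variations of the same code" refers to, and it is why a pattern needs to be written over the bytes that stay fixed across a family rather than over one sample.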

A global threat network can provide further advantages: by identifying
threats early and sharing that knowledge, the spread of malicious software
can be halted far more quickly. Sandboxes are a powerful tool, but they
require resources and the process can be time consuming. This is why they
should always be partnered with other security tools such as firewalls and
endpoint security to establish a fully integrated security solution.