Tuesday , 22 August 2017
Home » NEWS » THIS WEEK’S GURUS » Why advanced threat protections are the key to outsmarting the next ransomware attack
Mark Weir, Regional Director UK & I, Fortinet
Why advanced threat protections are the key to outsmarting the next ransomware attack

Why advanced threat protections are the key to outsmarting the next ransomware attack

The most prevalent cybersecurity concern in 2017 is undeniably ransomware, this year has seen it reassert itself into the public eye in a big way. The WannaCry attack in May was one of the largest ransomware attacks ever, affecting more than 300,000 computers running Microsoft Windows worldwide. What’s more the attack hit a huge range of public and private organisations.

It’s the old adage – fail to prepare and be prepared to fail, and people simply were not prepared for this attack. WannaCry demonstrated that far too many organisations do not have an effective security protocol in place, or don’t take it seriously until it is too late. This particular ransomware took advantage of a vulnerability that had been patched two months earlier in March, but many users had not updated their machines.

To further highlight the issue, when the Petya ransomworm launched just a few weeks later, using the exact same attack vectors, tens of thousands of organisations were still affected. Some are still feeling the consequences.

Cybercriminals are constantly on the lookout for an easy target and coming up with new ways to infiltrate them, with such a clear path in it’s no wonder someone took advantage of it. And organisations aren’t helping, simply because they are not taking care of the basics of patching and updating.

So, what are the options for protection? Well, the most important and arguably easiest protection is to keep your cyber hygiene in check. Keeping operating systems up to date and regularly applying security patches will ensure that weak point in a system is fixed before it can be taken advantage of maliciously. What’s more without these basic processes in place any additional security will be hampered. Additional layers of security need to work with a valid and up to date IT infrastructure to mitigate threats.

Basic hygiene is a must, but preparation is key and new advanced threat protection measures can turn the tables on the cybercriminals.

Sandboxing is a popular security measure that isolates code into a virtual environment where it can be executed and tested before entering the network. Anything detected as malicious will not be allowed to proceed. Unfortunately, some malicious code has developed to a point where it can detect the sandbox and disguise itself until it is cleared onto the network. To stay a step ahead of the cybercriminals, security must now detect malicious code that is actively disguising itself.

This is what advanced threat protection is all about, preparing for the next generation of ransomware attack by proactively detecting certain signatures and behaviours that would suggest a malicious executable. Signature detection traditionally monitors for an exact match of a known malicious code. However, with thousands of variations of the same code able to sneak past these systems newer pattern recognition systems make for a stronger defence.

For example, pattern recognition technology can distinguish over 50,000 code variations within a malware family, and stop them from infecting the network. With this level of coverage malicious code is far less likely to sneak through.

However, recognising code is one thing, it is also incredibly important to deeply analyse and detect code that is searching to see if it is in a sandbox environment. By spotting malicious code in this way it’s possible to render evasion technology irrelevant. A global threat network can provide further advantages, by identifying threats early and sharing that knowledge the spread of malicious software can be halted far more quickly.

If malicious code is not detected by these preliminary measures it is then executed in a sandboxed environment. If at this point it is found it can be shared with other local infrastructure to protect against the spread of the software and similar attacks.

Sandboxes are a powerful tool, but that makes them resource intensive and time-consuming. This is why it is often combined with other tools like firewalls, secure email gateways and endpoint security to minimise resource strain and keep network speeds high.

Ransomware attacks will only become more prolific as Ransomware as a Service (RaaS) gains traction on the dark web, allowing people to simply buy and execute someone else’s malware. On top of increasing the volume of attacks, ransomware is also becoming more sophisticated. Cybercriminals are constantly updating and releasing new iterations of their code in the hopes that it will outsmart security features. With that in mind, it is important that IT professionals take a proactive approach to security to anticipate tactics that hackers might use, perform effective threat analysis, and implement proper security measures to minimise impact.

About Dean Alvarez

Dean is Features Editor at IT Security Guru. Aside from cyber security and all things tech, Dean's interests include wine tasting, roller blading and playing the oboe in his Christian rock band, Noughts & Crosses.

You can reach Dean via email - dean@itsecurityguru.org
  • Defradar Security

    Great article – in my opinion People Security is and should be top priority for companies – and this can be seen even in the strategies of big companies like Microsoft or IBM, that have a dedicated Identity Security focus, either on prem and especially on cloud – http://www.defradar.com