endpoint security: amplified


Show Us the Way CryptoLocker!

Ransomware is a class of crimeware that locks down an infected system by preventing users from accessing their data, whether it is stored locally or on accessible shared network drives. Access is only sometimes restored to the victim after a sum of money is transferred to a remote blackmailer.

CryptoLocker, one of the latest variants in this family, has surfaced over the last few months and has recently made some noise across the industry. Ransomware is one of the busiest (and most annoying) threats of 2013, and it is experiencing another comeback tour, so we decided it was time to take a peek under the hood of the latest variant’s campaign to see what the author team has been up to of late and how the actual threat compares with the evasion techniques wrapped around it.


Topics: Cyber Crime, Cyber Security, malware, Cyber Attack, APT, cybersecurity, malware infection, malware analysis, Scout, Sentinel, endpoint security, CounterTack, Breaches, Zero-day Attack, in-progress attacks, Sean Bodmer

The Pitfalls Behind And Ahead

The pace of advisories and reports surrounding new zero-day activity seems to be accelerating at an alarming rate in 2013. Growing numbers have been seen in the wild exploiting victims and gaining beachheads within enterprises around the world. Meanwhile, as noted in a recent New York Times article highlighting crimeware detection and prevention statistics across the world’s top 45 commercially available antivirus engines, the cyber security industry has been slow to adapt. To illuminate some of the mystery behind the tools and techniques that make executable detection more difficult than it used to be, it helps to examine a small chip off the proverbial iceberg of evasion techniques, which makes the topic more digestible.

In the book Hacking Exposed – Malware and Rootkits, my co-authors and I discussed many of these evasion techniques and other tools such as crypters, binders, packers, polymorphism, and several other common methods that bolster the survivability of a malicious executable. Almost all of these tactics are incorporated by persistent threats in order to evade detection by most commercially available antivirus or other security products. To understand these methods and related behaviors, one must first examine the motive behind them.


Topics: Cyber Crime, Cyber Attack, APT, Detecting in-progress attack, in-progress attacks, VirusTotal, Anubis, Broad Crypter
