The latest episode of Tech Talk outlines how organizations can interrupt malicious activity before files get encrypted.
Ransomware attacks may be fast, but they are still made up of several distinct stages — which means security defenders have multiple opportunities to stop the attack before it causes serious damage.
These attacks are, first and foremost, a human intrusion and follow all the familiar phases associated with security breaches, says Max Heinemeyer, director of threat hunting at Darktrace. The malware's actual capabilities and specific techniques vary, but the attack always involves initial access, communicating with a command-and-control server, reconnaissance, and lateral movement. Encryption is often at the end of, or near the end of, the attack life cycle.
In this Tech Talk (above), Heinemeyer outlines how organizations need to know what "normal" looks like in order to detect outliers, and to be able to interrupt those unusual activities as they occur.
"If you want to interrupt ransomware before it can deploy, the previous stages of that attack are very interesting to look at," Heinemeyer says.
The increasing professionalization of ransomware attacks, especially in how the attackers market themselves and recruit new members, worries Heinemeyer. Attacks have evolved from just encrypting everything to extortion, and then to mixing in other attacks in order to collect the ransom. It's possible that future attacks will involve going down the supply chain if the victims don't pay.
"It's all about interrupting business and interrupting revenue ... we don't think this is just a tech issue about encrypting data anymore," Heinemeyer says.
Note: DR Technology is sponsored by Darktrace.