The latest episode of Tech Talk outlines how organizations can interrupt malicious activity before files get encrypted.
Ransomware attacks may be fast, but they are still made up of several distinct stages — which means security defenders have multiple opportunities to stop the attack before it causes serious damage.
These attacks are, first and foremost, a human intrusion and follow all the familiar phases associated with security breaches, says Max Heinemeyer, director of threat hunting at Darktrace. The malware's actual capabilities and specific techniques vary, but the attack always involves initial access, communicating with a command-and-control server, reconnaissance, and lateral movement. Encryption is often at the end of, or near the end of, the attack life cycle.
In this Tech Talk (above), Heinemeyer outlines how organizations need to know what "normal" looks like in order to detect outliers, and to be able to interrupt those unusual activities as they occur.
"If you want to interrupt ransomware before it can deploy, the previous stages of that attack are very interesting to look at," Heinemeyer says.
The increasing professionalization of ransomware attacks, especially in how the attackers market themselves and recruit new members, worries Heinemeyer. Attacks have evolved from just encrypting everything to extortion, and then to mixing in other attacks in order to collect the ransom. It's possible that future attacks will involve going down the supply chain if the victims don't pay.
"It's all about interrupting business and interrupting revenue ... we don't think this is just a tech issue about encrypting data anymore," Heinemeyer says.
Note: DR Technology is sponsored by Darktrace.