

Sharik is a Trojan that injects itself into legitimate processes and adds registry entries for an added level of persistence. The infection also sends information about the victim's PC to a remote server, and the threat can receive commands from a known CnC server to download further malicious files. The point of origin in this case is almost always a compromised website, as discussed previously in a Zscaler blog. At the time of research, Chris Mannon, a researcher at Zscaler ThreatLabZ, had not pinpointed the initial infection vector for this threat. The end result of the Trojan infection appears to be identical to past iterations of this threat.

Threat protection needs a greater context today

Traditional security scanning doesn't work when threats are either net-new or polymorphic, since both evade signatures. That kind of attack shows that it is time for a security paradigm shift. When dealing with previously unknown malware, security controls have to be able to look at a greater context. Signature-based approaches are bound to fail against such threats, because they depend on prior knowledge of patterns that indicate an attack and are therefore incapable of detecting new ones. If security systems lack threat histories and known, detectable patterns, they will not succeed against today's advanced threats.

Enterprises increasingly face advanced persistent threats (APTs) that may leverage previously unknown attack techniques and vulnerabilities. Attacks are increasingly multi-part and sophisticated, sometimes combining APTs and zero-day threats. Behavioural analysis is an important technique for identifying previously unknown threats because this approach does not rely on signatures. Well-executed behavioural analysis can also result in low false-positives compared to traditional pattern matching or signature-based approaches because suspicious activity is observed over a period of time and confirmed.

With behavioural analysis solutions, a binary file is permitted to run in a controlled environment, and its behaviour is monitored and analysed. Identifying suspicious behaviour, such as downloading malware, accessing the file system or logging keystrokes, allows malicious content to be identified even if the sample or the techniques it uses have never been observed before.
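Behavioural scoring of the kind described here, applied to the Sharik behaviours listed above (process injection, registry persistence, beaconing to a remote server, downloading further files), as an added example that is not code from the article or from Zscaler. The event names, weights, window and threshold are assumptions, and the sandbox trace is constructed; the point it shows is that several distinct behaviours observed within a time window are needed before a verdict is reached, which keeps a benign but chatty program below the threshold.

```python
# Added example (not Zscaler's or the article's code): a toy behavioural
# scorer over a constructed sandbox trace. Event names, weights, window and
# threshold are assumptions mirroring the behaviours the page describes.

# Assumed weights: no single behaviour is damning; file reads are normal.
WEIGHTS = {"process_inject": 3, "registry_run_key": 2, "network_beacon": 2,
           "file_download_exec": 3, "keystroke_hook": 3, "file_read": 0}
THRESHOLD = 6   # assumed: flag only when several indicators co-occur
WINDOW = 60     # seconds over which behaviours are observed and confirmed

# Constructed trace: "seconds,pid,event,detail" (addresses from TEST-NET-3).
SAMPLE_TRACE = """\
0,4120,process_inject,explorer.exe
5,4120,registry_run_key,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
9,4120,network_beacon,203.0.113.10:443
40,4120,file_download_exec,C:\\Users\\Public\\update.exe
2,2200,file_read,C:\\Users\\alice\\report.docx
3,2200,file_read,C:\\Users\\alice\\budget.xlsx
7,2200,network_beacon,203.0.113.25:443
"""

def parse_trace(text):
    """Parse trace lines into (seconds, pid, event, detail) tuples."""
    events = []
    for line in text.strip().splitlines():
        t, pid, event, detail = line.split(",", 3)
        events.append((int(t), int(pid), event, detail))
    return events

def score_trace(events, window=WINDOW):
    """Return {pid: (verdict, score)} from the best sliding window per pid.
    Each distinct behaviour counts once per window, so the score rewards
    diversity of suspicious actions, not repetition by a chatty program."""
    by_pid = {}
    for t, pid, event, _ in events:
        by_pid.setdefault(pid, []).append((t, event))
    verdicts = {}
    for pid, evs in by_pid.items():
        evs.sort()
        best = 0
        for i, (t0, _) in enumerate(evs):
            seen = {e for t, e in evs[i:] if t - t0 <= window}
            best = max(best, sum(WEIGHTS.get(e, 0) for e in seen))
        verdicts[pid] = ("malicious" if best >= THRESHOLD else "benign", best)
    return verdicts

if __name__ == "__main__":
    for pid, (verdict, score) in score_trace(parse_trace(SAMPLE_TRACE)).items():
        print(f"pid {pid}: {verdict} (score {score})")
```

A real sandbox feeds the same logic from hooked API calls rather than a CSV, and the weights would be learned or tuned from a corpus of known-good and known-bad traces.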

The integration of big data, static analysis and behavioural analysis provides a fuller context for threat protection. By combining behavioural analysis and big data analysis in a cloud-based environment, historical transactions can be linked with the latest intelligence derived from data mining in the cloud.

Enterprises will continue to encounter APTs that leverage previously unknown attack techniques and vulnerabilities. Only if they manage to adapt and embrace new technologies will they be able to keep pace with the evolving threat landscape. Context-based behavioural analysis is essential for protection against modern threats, especially in a work environment driven by mobility and an always-on mentality among staff, which leads to greater exposure to security risks.