...which you won't see if you have Lastline deployed.
(Once again, thanks to Lastline Director of Sales Engineering Dan Mathews.)
Last week saw a major ransomware campaign, one that pairs a few new tricks for luring users with some long-standing vulnerabilities. It also shows an unusual degree of redundancy: dozens of download links, to make sure the second stage, the ransomware itself, actually arrives.
If you're running Lastline Enterprise in inline email inspection mode, you were protected by default from the first time it reached your organization. Lastline's behavioral analysis of the artifact recognized both its malicious and its evasive intent.
Come visit us at Infosecurity Europe 2016 in London. The event runs from June 7 through 9 and is considered one of Europe's major information security events, with over 315 exhibitors displaying a range of products and services and attendance expected to top 12,000. Registration is free until June 6.
Forrester is one of the most influential research and advisory firms in the world. One of the main ways they publish information about markets and technologies for their enterprise customers is using a methodology called The Forrester Wave™.
Last week, they released their assessment of the APT/advanced malware marketplace, "The Forrester Wave: Automated Malware Analysis, Q2 2016." We are proud to announce that Forrester recognizes us as a leader in advanced malware analysis, detection, and protection.
(With thanks to Lastline Director of Sales Engineering Dan Mathews for the heavy lifting.)
Within the last couple of weeks, the blogosphere has reported on a new Magnitude Exploit Kit campaign, which was recently confirmed as leveraging a zero-day Flash exploit. Adobe Flash Player 22.214.171.124 and earlier is vulnerable; the flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, and has been observed to deliver Cryptowall 3.0 ransomware. While an earlier patch mitigated the behavior somewhat, Adobe was forced to release an emergency patch.
It has been a busy first quarter for Lastline. We presented at a pair of sessions at RSA San Francisco. In March we won seven 2016 Global Excellence Awards® (three Gold, one Silver, and three Bronze) as well as the Grand Trophy in Info Security Products Guide's 2016 Global Awards. We promoted our leadership position in the 2015 NSS Labs Breach Detection study on a pillar at RSA. And we added an experienced security veteran to our executive team.
(Major thanks to Lastline's Co-Founder and Chief Scientist Dr. Christopher Kruegel for the "heavy lifting" including the detailed Research Note and the data analysis that supports it.)
That title may seem a bit, or even a lot, too friendly, considering that malware is certainly no friend of ours, or of you and your organization, for that matter. But we definitely do spend a lot of time with it.
We detonate and analyze a ton of malware samples daily, in our cloud and on premises at our customers, in our Deep Content Inspection™ sandboxes. Periodically we step back and look at the body of data to see whether we can spot trends in how malware behavior is changing. We did this recently for the data we collected in 2015, and observed three types of malicious behavior that increased significantly, as well as an ongoing pattern in evasive behavior.
Sophisticated attackers can find their way into a corporate network in many ways. An attack could come from an external source, through the exploitation of a service, or by being brought in by a user whose laptop has been infected while traveling. As the network infrastructure of an enterprise evolves, its exposure to attacks evolves as well. For this reason, it is challenging to provide a comprehensive approach that will prevent all attacks: sooner or later, an attack will be successful in penetrating the enterprise network.
Last week, banks in Australia, New Zealand, and Turkey saw the distribution of malware that steals credentials from users of their Android phone and tablet apps and intercepts the two-factor authentication codes those users receive by text message. Delivered in the guise of an Adobe Flash Player updater, the malware draws a fake login screen over the real banking app before the genuine login appears, tricking users into handing over their credentials. The malware, known to some virus indexers as Android/Spy.Agent.SI, spoofs and intercepts logins for Australia's Big Four banks and dozens of other financial institutions in Australia, New Zealand, and Turkey, plus targets outside those countries, Wells Fargo among them. And, for good measure, it intercepts login attempts on PayPal, eBay, WhatsApp, Skype, and several Google services.
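The two capabilities described above, drawing a fake login over another app and reading SMS one-time codes, leave a characteristic footprint in an APK's AndroidManifest.xml: SYSTEM_ALERT_WINDOW for the overlay, RECEIVE_SMS/READ_SMS plus a high-priority SMS_RECEIVED receiver for the codes, usually with GET_TASKS or PACKAGE_USAGE_STATS to know which app is in the foreground and a BIND_DEVICE_ADMIN receiver for uninstall resistance. The following triage script is an added example, not Lastline's code and not an analysis of Android/Spy.Agent.SI itself; the two manifests embedded in it are constructed for illustration, and the scoring weights are an assumption of this example rather than anything the post states.

```python
"""Heuristic triage of an AndroidManifest.xml for the permission profile of an
overlay-phishing banker that also intercepts SMS 2FA codes.

Added example, not vendor code. Sample manifests below are constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{" + ANDROID_NS + "}"      # ElementTree Clark notation for android:* attributes

SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
FOREGROUND_PERMS = {"android.permission.GET_TASKS",
                    "android.permission.PACKAGE_USAGE_STATS"}


def _attr(el, name, default=None):
    """Read an android:-namespaced attribute."""
    return el.get(A + name, default)


def analyze_manifest(xml_text):
    """Return indicator flags, a score (weights are this example's assumption)
    and a verdict. Each indicator alone is common in legitimate apps; the
    combination of overlay capability with SMS access is the banker profile."""
    root = ET.fromstring(xml_text)
    perms = {_attr(el, "name") for el in root.iter("uses-permission")}

    ind = {
        "overlay": OVERLAY_PERM in perms,           # can draw a fake login over another app
        "sms": bool(perms & SMS_PERMS),            # can read 2FA codes sent by text
        "foreground": bool(perms & FOREGROUND_PERMS),  # can tell which app the user is in
        "sms_receiver": None,                      # highest-priority SMS_RECEIVED receiver
        "device_admin": False,                     # device-admin receiver (uninstall resistance)
    }
    for recv in root.iter("receiver"):
        if _attr(recv, "permission") == DEVICE_ADMIN:
            ind["device_admin"] = True
        for filt in recv.findall("intent-filter"):
            actions = {_attr(a, "name") for a in filt.findall("action")}
            if SMS_RECEIVED not in actions:
                continue
            try:
                prio = int(_attr(filt, "priority", "0"))
            except ValueError:          # priority may be a resource reference
                prio = 0
            cur = ind["sms_receiver"]
            if cur is None or prio > cur["priority"]:
                ind["sms_receiver"] = {"name": _attr(recv, "name"), "priority": prio}

    score = 0
    if ind["overlay"]:
        score += 2
    if ind["sms"]:
        score += 2
    if ind["sms_receiver"] is not None:
        # A very high priority is the classic trick to see (and on old Android
        # versions abort) the SMS broadcast before the user's messaging app.
        score += 1 + (1 if ind["sms_receiver"]["priority"] >= 1000 else 0)
    if ind["foreground"]:
        score += 1
    if ind["device_admin"]:
        score += 1
    ind["score"] = score
    # Without RECEIVE_SMS the receiver never gets the broadcast, so the
    # verdict keys on the permission, not on the receiver alone.
    ind["suspicious"] = ind["overlay"] and ind["sms"]
    return ind


# Constructed manifest mimicking a fake "Flash Player" updater banker.
BANKER_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <application android:label="Flash Player">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed manifest of an ordinary messaging app: SMS access, no overlay.
MESSAGING_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.messenger">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Messenger">
    <receiver android:name=".IncomingSms">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, m in (("banker", BANKER_MANIFEST), ("messenger", MESSAGING_MANIFEST)):
        print(label, analyze_manifest(m))
```

Run it against the manifest pulled out of an APK (for example with apktool) and treat a hit as a reason to look at the sample, not as a verdict: a legitimate floating-widget app can request SYSTEM_ALERT_WINDOW and a legitimate messenger can read SMS, and on Android 6.0 and later the overlay permission must be granted by the user, so the footprint is a triage signal for the behavior described above, not proof of it.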