To make matters worse on the ransomware front, attackers have come up with a deviously effective technique for evading detection. Instead of relying on novel or custom-written code to make their way around breached networks, they’re increasingly using the Total Commander file management system, the 7-Zip archiving application, and other widely used products.
“This toolset of well known, legitimate utilities anyone might have won’t be detected by endpoint security products,” Sophos notes.
To compound the deception, attackers also download stolen data to storage sites unlikely to set off alarm bells. “The criminals typically send the exfiltrated data to legitimate cloud storage services, which make this activity harder to spot, since these are common, ordinary network traffic destinations,” Sophos says.