

‘Clever Girl…’ Non-Malware and Ransomware Attacks Show How Inventive Attackers Can Be

December 19, 2016 / Sean Blanton

As a child of the 90s, I don’t think I’m alone when I say I have the occasional nightmare that involves me frantically running away from a pack of Velociraptors that are hot on my trail. (You’ve seen Jurassic Park, right?)

It’s not the razor-sharp teeth or the “clack-clack-clack” of those giant toe-claws that haunt me; it’s the knowledge that their intelligence helps them bypass every barrier (or door handle) I throw their way.

As 2016 comes to a close and we reflect on the clever attacks we saw over the course of the past year, it can feel like we’re right in the middle of that chase once again. But don’t be dismayed! Unlike in my dreams, a helpful T-Rex is just around the corner.

New Research Shows Future Attacks Will Be More Diverse

Carbon Black recently published its 2016 Threat Report, which analyzed data from more than 1,000 customers totaling over 2.5 million endpoints to determine the prevalence of malware, non-malware attacks and ransomware attacks over the course of 2016.

The report contains many notable findings, including a rapid rise in the use of both ransomware and non-malware attacks. Non-malware attacks (those that exploit vulnerabilities and use native applications to cause harm) were seen across the board, with virtually every organization in our research hit by this kind of attack.

Ransomware, although representing only about 2% of the total malware attacks, grew more than 50% from last year, and stands to end the year collecting close to $850 million for attackers, compared to the $24 million it brought in over 2015.

They Know You Have Antivirus, So They Step Right Past It

Two attacks in particular epitomize the growth of “inventive” attacks – PowerWare and Popcorn Time. PowerWare was discovered in March of 2016 and represents the unholy marriage of non-malware and ransomware attacks.

Typically, ransomware works by downloading and installing new software designed to encrypt local files and lock legitimate users out of them until the ransom is paid. This approach (like most malware) is only effective if your antivirus solution is unaware of the software in use. Not taking any chances, the authors of PowerWare bypass that concern completely and invoke PowerShell, a powerful developer tool native to Windows machines, to do the work traditional malware would do.

Ransomware is Taking “Going Viral” to a Whole New Level

Another attack of note is only just peeking through, and while its payload is similar to most ransomware, its ransom note contains a disturbing new twist. Popcorn Time does what typical ransomware does: infect, encrypt, and extort. However, Popcorn Time is giving its victims an interesting new way to decrypt their files if they cannot afford the Bitcoin payment. They have the option to send a malicious link to two people and, if those people pay the ransom, the decryption key is delivered. Devious!

This is a unique approach to distribution. It remains to be seen whether it will be successful, but such variants show that attackers are constantly thinking of new ways to attack and bypass security controls.

Carbon Black is Here to Help

It may seem like an uphill battle keeping up with out-of-the-box attacks, but Carbon Black’s Cb Defense specifically combats the worst attackers can throw your way, including commodity malware, ransomware and non-malware attacks.

In addition to strong technology, we also encourage you to stay up-to-date with the latest attack trends and statistics so you can best prepare to react to new variants we have yet to uncover. You can rest easy knowing you and your endpoints won’t be dinosaur food anytime soon.

To view the 2016 Carbon Black Threat Report in its entirety, including security recommendations for ransomware, what a typical ransomware attack looks like, and security predictions for 2017, click the image below.

