Thursday, September 20, 2018

Edx Threat Detection: Planning for a Secure Enterprise: Ransomware

Ransomware

Unlike malware that uses stealth methods of infiltrating a network or system, ransomware makes sure that its presence is known to maximize financial gain. Ransomware is both disruptive and destructive. It does more than just display ads or track keystrokes - it locks data or systems down, rendering victims helpless, and directly demands payment from the infected end user. Although ransomware infection vectors and payment methods have slightly evolved over time, their objective largely remains the same: to get victims to pay the ransom for encrypted data or locked systems. Ransomware is like other social engineering attacks, such as info-stealing “extortionware”, which not only locks data or systems down, but threatens to expose sensitive information to the public if the ransom is not paid.
Recent data exposure incidents for dating, shopping, and networking sites provide examples of how “extortionware” affects both the targeted entity (or website) and the individual end user who has otherwise innocently logged on or used the site. Aside from being associated with social engineering attacks, this threat leverages the capabilities of other malware, especially exploit kits, to penetrate a system. These types of malware combinations have produced disastrous outcomes, some of which can be linked to Advanced Persistent Threats (APT) where corporations, organizations, and governments are severely affected by the threat.
Although mobile ransomware hasn’t yet reached the sophistication and prevalence of ransomware that affects PCs, mobile malware is something that the security industry is keeping track of. As the infrastructure for bring your own device (BYOD) setups in the workplace becomes more common, so too does the risk that an infection from an employee’s personal device can spread to the enterprise network. Microsoft Mobile Device Management technologies can help prevent ransomware and other infections on employee BYODs.
More recent ransomware employs TOR (The Onion Router) software to conceal or anonymize its infection vectors. This forms one of the major challenges in eradicating ransomware, as it makes it harder for researchers to zero in on the distribution methods and resources that promulgate ransomware. This anonymization is further aided by the ransomware’s demand for payment in the form of virtual currencies, such as Bitcoin, which are inherently harder for governments to track and control.
While the primary means of addressing the threat of ransomware focuses on prevention, including keeping antimalware software up to date, controlling entry points, and maintaining a consistent and frequent offline backup schedule, threat detection also plays a significant mitigating role by helping to minimize the scope of attacks.

https://courses.edx.org/courses/course-v1:Microsoft+INF249x+2T2018/course/
