Wannacry, Petya ~ What’s the next threat?

We wanted to share the latest blog post by our partner SonicWall on the recent ransomware attacks:

Locky, Then WannaCry, Now Petya. Is This The New Normal in Cyber Security?

News reports continue to roll in about yet another massive global ransomware attack. This time, the payload appears to be a ransomware called Petya. SonicWall Capture Labs identified the original Petya variants in 2016. However, this time it appears to be delivered by EternalBlue, one of the NSA exploits that the Shadow Brokers leaked back in April. This is the same exploit that was used in the WannaCry attack.

Infected systems initially display a flashing skull, followed by a lock screen.

Once again, the cyber arms race continues to evolve. If I were to boil this down to its essence, what we are now seeing is that cyber criminals are combining exploits and attacks in creative ways that are not necessarily new, but still quite effective. Like mixing cocktails, the ingredients are all well known, but the exact mix can be completely new.

Attack details: SonicWall customers are protected

Today, June 27, SonicWall Capture Labs began tracking a high number of Petya ransomware attacks against SonicWall customers. Petya as a malware payload is not new. In fact, we reported in the 2017 Annual SonicWall Threat Report that it was second only to Locky in the number of infections we noted last year. The good news for SonicWall customers that are using our security services is that we have had signatures for certain variants of Petya since March 2016. Then, in April 2017, Capture Labs analyzed and released protection for the EternalBlue exploit that the Shadow Brokers leaked from the NSA. Also, on June 27, the Capture Labs Threat Research Team issued a new alert with multiple signatures protecting customers from the new Petya ransomware family.

Recommendations for SonicWall customers

As a SonicWall customer, ensure that your next-generation firewall has a current active Gateway Security subscription, in order to receive automatic real-time protection from known ransomware attacks such as Petya. Gateway Security includes Gateway Anti-virus (GAV), Intrusion Prevention (IPS), Botnet Filtering, and Application Control. This set of technology:

  • Includes signatures against Petya (part of GAV)
  • Protects against vulnerabilities outlined in Microsoft’s security bulletin MS17-010 (part of IPS)

Since SonicWall Email Security uses the same signatures and definitions as Gateway Security, we can block the emails that deliver the initial infection. To block malicious emails, ensure all Email Security services are up to date. Since 65% of all ransomware attacks happen through phishing emails, this also needs to be a major focus when giving security awareness training. Additionally, customers with SonicWall Content Filtering Service should activate it to block communication with malicious URLs and domains, which works similarly to the way botnet filtering disrupts C&C communication.

Because more than 50% of malware is encrypted, as a best practice, always deploy SonicWall Deep Packet Inspection of all SSL/TLS (DPI SSL) traffic. This will enable your SonicWall security services to identify and block known ransomware attacks that would otherwise be hidden inside encrypted sessions. Enabling DPI SSL also allows the firewall to examine and send unknown files to the SonicWall Capture Advanced Threat Protection (ATP) service for multi-engine sandbox analysis. We recommend that you deploy Capture ATP in order to discover and stop unknown ransomware variants. Because of the rapid proliferation of malware variants, SonicWall leverages deep learning algorithms to provide automated protection against both known and zero-day threats. The combination of the SonicWall Capture Threat Network and SonicWall Capture ATP sandboxing provides the best defense against newly emerging hybrid attacks such as Petya. As always, we strongly recommend that you also apply the Windows patch provided by Microsoft (MS17-010) to protect against the Shadow Brokers leaked exploits. And it is always a good idea to maintain current backups of all critical data, kept where an infected host cannot reach and encrypt them, to allow recovery in the event of a ransomware incident.



What’s the difference between antivirus and anti-malware?

By Wendy Zamora | September 11, 2015

It’s the $64,000 question. The ultimate question of life, the universe, and everything. (And no, the answer isn’t 42.) Whenever someone begins their search for online security, they ultimately discover there are two major types of protection: antivirus and anti-malware. Which leads them to the inevitable query:

What’s the difference between antivirus and anti-malware?

Virus vs. malware

Before we can answer that, we need to first unveil what, exactly, viruses and malware are. A virus is a piece of code that copies itself by inserting itself into other programs or files, usually in order to do damage to your computer, such as corrupting your system or destroying data. Malware, on the other hand, is an umbrella term that stands for a variety of malicious software, including Trojans, spyware, worms, adware, ransomware, and yes, viruses. So the logic follows: all viruses are malware. Not all malware is a virus. Ya dig?

Unfortunately we can’t stop there, because it’s a little more complicated than that. Viruses are considered to be legacy threats. By this we mean: they’ve been around for a while and haven’t changed all that much. They aren’t used very often by today’s cyber criminals, which is why many antivirus companies have evolved to fight more than “just” viruses. This can include self-spreading malware like worms, spyware like keyloggers, or concealment malware, such as rootkits.

So why do antivirus companies still call themselves antivirus? Since viruses made headlines in the 90s, security companies focused their efforts on fighting them. Thus the term antivirus was born. It all boils down to marketing. Most people are familiar with computer viruses and what they do. Not a lot of people know what malware is.

Compare and contrast

Still, there are key differences between antivirus and anti-malware software that go beyond semantics. What differentiates antivirus and anti-malware companies are the types of malware they specialize in and how they deal with them.

Antivirus usually deals with the older, more established threats, such as Trojans, viruses, and worms. Anti-malware, by contrast, typically focuses on newer stuff, such as polymorphic malware (which rewrites its own bytes with every copy, so a fixed signature written for one copy misses the next) and malware delivered by zero-day exploits. Antivirus protects users from lingering, predictable-yet-still-dangerous malware. Anti-malware protects users from the latest, currently-in-the-wild, and even more dangerous threats. In addition, anti-malware typically updates its rules faster than antivirus, meaning that it’s the best protection against new malware you might encounter while surfing the net. By contrast, antivirus is best at crushing malware you might contract from a traditional source, like a USB stick or an email attachment.

If antivirus and anti-malware were dances, antivirus would be the waltz and anti-malware would be hip-hop.

So which one should you choose?

No one tool can catch everything, which is why security experts recommend a layered approach. It’s better to have more than one set of eyes looking at threats from different angles. “I’m sure you’ve heard the old saying ‘jack of all trades, master of none,’” says Samuel Lindsey, Malwarebytes user advocate. “That’s how I see all-in-one security suites; they just can’t detect everything on any given day.”

Your best bet is to use an antivirus program to catch the classic threats and an anti-malware program, like Malwarebytes Anti-Malware Premium, for the newer, more advanced dangers. And you needn’t worry much about the impact of running two real-time scanners at the same time on your machine’s performance: most anti-malware software is lightweight, easy to run, and designed to work alongside antivirus. Do check that the two products you pick are documented as compatible with each other, though; two engines that both hook the same file operations can interfere with each other if neither was built to coexist.
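The distinction drawn above (fixed signatures for established threats, newer techniques for polymorphic and unknown samples) and the layered approach recommended in this section are easier to see in code. What follows is an added example written for this page, not code from Malwarebytes or from the article’s author. It builds a toy XOR “packer” that mimics how polymorphic malware changes its bytes on every copy, then runs constructed, harmless sample files through three detection layers: raw byte signatures, generic unpacking followed by a rescan, and a heuristic rule keyed on a ransomware behaviour (deleting Volume Shadow Copies). The signature strings, the heuristic, the packer format and the sample bodies are all invented for the demonstration and describe no real malware.

```python
"""Three detection layers on constructed samples (added example, not vendor code)."""
import secrets
from typing import Optional

# Layer 1: classic antivirus signatures, i.e. fixed byte patterns matched against
# the file exactly as it sits on disk. Invented for this demo.
SIGNATURES = {
    "Ransom.Demo.A": b"DEMO-RANSOM-NOTE: your files are encrypted",
}

# Layer 3: heuristic rules keyed on what the code does rather than what it looks
# like. A string stands in here for behaviour a real engine observes at runtime
# (deleting Volume Shadow Copies so the victim cannot roll back). Invented.
HEURISTICS = {
    "Heuristic.ShadowCopyDeletion": b"vssadmin delete shadows",
}

# Constructed sample file bodies. None of these is a real program.
KNOWN_SAMPLE = b"\x4d\x5a demo " + SIGNATURES["Ransom.Demo.A"] + b" vssadmin delete shadows /all"
NEW_VARIANT = b"\x4d\x5a demo: a reworded note no signature has seen; vssadmin delete shadows /all /quiet"
BENIGN_FILE = b"\x4d\x5a demo: quarterly sales report, nothing malicious here"

# A toy "polymorphic" packer: each call wraps the same payload under a fresh
# 8-byte XOR key, so every packed copy has different bytes on disk. The 4-byte
# magic header is an assumption of this demo, not a real packer format.
MAGIC = b"PKX1"
KEY_LEN = 8


def pack(payload: bytes, key: Optional[bytes] = None) -> bytes:
    key = key or secrets.token_bytes(KEY_LEN)
    assert len(key) == KEY_LEN
    body = bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(payload))
    return MAGIC + key + body


def unpack(blob: bytes) -> Optional[bytes]:
    """Layer 2: generic unpacking. Recognise the stub and recover the payload."""
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + KEY_LEN:
        return None
    key = blob[len(MAGIC):len(MAGIC) + KEY_LEN]
    body = blob[len(MAGIC) + KEY_LEN:]
    return bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(body))


def signature_scan(blob: bytes) -> list:
    return [name for name, pattern in SIGNATURES.items() if pattern in blob]


def heuristic_scan(blob: bytes) -> list:
    return [name for name, pattern in HEURISTICS.items() if pattern in blob]


def layered_verdict(blob: bytes) -> tuple:
    """Run the layers in order and report which one fires first."""
    hits = signature_scan(blob)
    if hits:
        return "signature", hits
    inner = unpack(blob)
    if inner is not None:
        hits = signature_scan(inner)
        if hits:
            return "unpacked+signature", hits
        blob = inner  # the heuristic layer should look at the real payload
    hits = heuristic_scan(blob)
    if hits:
        return "heuristic", hits
    return "clean", []


if __name__ == "__main__":
    cases = [
        ("known sample, unpacked", KNOWN_SAMPLE),
        ("known sample, packed", pack(KNOWN_SAMPLE)),
        ("new variant, packed", pack(NEW_VARIANT)),
        ("benign file", BENIGN_FILE),
    ]
    for label, blob in cases:
        raw = str(signature_scan(blob) or "miss")
        print(f"{label:24} signatures only: {raw:<18} layered: {layered_verdict(blob)}")
```

Run it and the first column shows that fixed signatures catch only the unpacked copy of the known sample: the packed copy has none of the signature’s bytes on disk. The layered verdict catches the packed copy by unpacking before rescanning, and catches the new variant by its behaviour even though no signature exists for it, which is the “newer stuff” the article says anti-malware is built for. Real engines do the same work with emulators and runtime monitoring rather than a four-byte magic header, and the benign file passes all three layers, which is the check you want before trusting any new rule.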

So there you have it. Your questions have all been answered. You may now be at peace…