Cerber, a crypto-ransomware, has previously been seen distributed via exploit kits and over e-mail using DOC files with macros.
This is the first time that we have seen Cerber distributed via WSFs (Windows Script Files).
The attacker uses two methods to trick end-users into executing the ransomware: the email contains both an attachment and a URL link. Firstly, there is a malicious attachment (a ZIP file). Secondly, there is a convincing-looking unsubscribe link at the bottom which ends up redirecting the user to a similar ZIP file.
Windows Script Files are described here: https://msdn.microsoft.com/library/15x4407c(v=VS.84).aspx
BLOCKED AFTER ANALYSIS
The exploit kit stage is not applicable to this attack.
The payload is delivered by socially engineering the end-user to download the malicious file.
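The two lure paths described above (a ZIP attachment carrying a WSF, and an "unsubscribe" link that resolves to a ZIP download) are both visible in the message itself, so a mail gateway can flag them before a user ever opens the archive. The following is an added illustration, not Forcepoint/Websense code: it builds a constructed sample message in the same shape as the lure, then scans it for script files inside ZIP attachments and for links whose target is an archive. The script extensions, the sample addresses and the file names are assumptions chosen for the demonstration.

```python
"""Flag e-mails that carry Windows Script Files (.wsf) inside ZIP attachments,
or whose links point straight at an archive download.

Added example for illustration; not Forcepoint/Websense code.
The sample message is constructed and is not a real Cerber lure.
"""
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that Windows Script Host / the shell will execute directly (assumed list).
SCRIPT_EXTS = {".wsf", ".js", ".jse", ".vbs", ".vbe", ".wsh"}
ARCHIVE_EXTS = {".zip"}

# href targets in an HTML body.
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)


def _ext(name: str) -> str:
    """Lower-cased extension of a file name or URL path, '' if none."""
    name = name.lower().rsplit("/", 1)[-1].split("?", 1)[0]
    return name[name.rfind("."):] if "." in name else ""


def scan_zip(data: bytes) -> list:
    """Return ZIP member names that have a script extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if _ext(n) in SCRIPT_EXTS]
    except zipfile.BadZipFile:
        return []


def scan_message(raw: bytes) -> dict:
    """Scan a raw RFC 5322 message for both lure paths."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {"script_in_archive": [], "archive_links": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        filename = part.get_filename() or ""
        # Path 1: an archive attachment containing a script file.
        if _ext(filename) in ARCHIVE_EXTS:
            for member in scan_zip(payload):
                findings["script_in_archive"].append(f"{filename}:{member}")
        # Path 2: a body link whose target is itself an archive.
        if part.get_content_type() in ("text/html", "text/plain"):
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            for url in HREF_RE.findall(text):
                if _ext(url) in ARCHIVE_EXTS:
                    findings["archive_links"].append(url)
    findings["suspicious"] = bool(findings["script_in_archive"] or findings["archive_links"])
    return findings


def build_sample_message() -> bytes:
    """Construct a lure-shaped test message (constructed sample data, benign content)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2016.wsf", "<job><script language='JScript'>/* placeholder */</script></job>")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative(
        '<p>Please see the attached invoice.</p>'
        '<p><a href="http://example.invalid/unsubscribe/list.zip">Unsubscribe</a></p>',
        subtype="html",
    )
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice_2016.zip")
    return bytes(msg)


if __name__ == "__main__":
    print(scan_message(build_sample_message()))
```

Both findings are reported separately so a policy can treat them differently: a script inside an archive is a strong block signal on its own, while an archive link in the body is a weaker indicator that a gateway might quarantine for analysis rather than block outright.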
Cerber is a highly customisable crypto-ransomware that will encrypt local files and request a payment in order to get the files decrypted.
Cerber is believed to be operated under a ransomware-as-a-service (RaaS) model. The original authors sell the ransomware package to other cyber criminals, so there is not one group using Cerber but many.
We protect at Stage 5 by blocking the WSF files.
We have protection at various points across the threat lifecycle (stage 2 through stage 6), symbolised by the Forcepoint logos.
A malware author would need to change his entire attack method to have any hope of getting past us, and even then we would analyse every component of his new methods.
For more details on the threat lifecycle see our 7 Stages of Advanced Threats page at: http://www.websense.com/sevenstages
What are the existing building blocks in our tool bag to achieve this vision? What are the proof points that demonstrate we are able to deliver on this? On-prem, cloud or hybrid deployment using the TRITON Platform. ISO 27001 certified cloud infrastructure across 20 data centers. Websense's TRITON Platform leads the market in terms of a platform approach to helping our customers protect their users from attacks and their information against theft. Successfully integrated SurfControl, BlackSpider and Websense.
Raytheon wanted to expand from primarily focusing on the government space and were looking to commercialize their offering. That's why it's separate. In the last 12 months we have added Raytheon's cyber defence products. These are the very same products that have been at the front line of the most targeted networks in the world, under attack at levels that the average enterprise can only imagine. They were probably the first organization to come across APTs and went into the market to see if there was technology out there to help; in the end they developed their own, and it is this new technology we are working on integrating into ours. Analytics engines as well: commercialize these. Labs too. We've already integrated our labs, and this will benefit more of the back-end research and tech (e.g. recently added ATP capabilities into our Email cloud product, rolling out to on-prem soon). We're just about to integrate our content security gateways with the Threat Protection Appliance (controlled release). We have integrated our SVIT with our DLP to provide actionable intelligence and risk modelling for insider threat (later).
NETWORK OPERATIONS - CENTRALIZED MANAGEMENT
Plug-and-play deployment for fast and easy remote site rollouts
Call home and pushed from the cloud
Cut deployment time from days or weeks to