Protect Your Data from the Most Sophisticated Cyberthreats


There are many products on the market today that are focused on preventing a ransomware attack: firewalls to stop viruses from entering, scans that detect unusual activity and signatures of common malware, and more. These pre-attack products are critical in supporting a cyber resiliency strategy; however, what happens when these solutions fail, and an attack is successful? How does an organization detect, diagnose and recover quickly?

This is where CyberSense fits into the tech stack. CyberSense is a software option available with Dell PowerProtect Cyber Recovery. CyberSense is a post-attack product that is focused on data resiliency and does not replace the ransomware prevention approaches of the pre-attack products. Rather, it is a last line of defense that helps determine what data has been corrupted, and what backups are good in order to facilitate a clean and rapid recovery when prevention fails. This is especially important as new, more sophisticated variants are deployed.

Graphic illustrating how CyberSense can help with data protection before and during a cyberthreat event, also how it can help with data recovery after a cyberthreat attack.

A new variant, BianLian, appeared on VirusTotal in August 2022. This new variant utilizes the Google Go programming language for portability across OS platforms, so the ransomware authors only need to write the ransomware once and can then run it on Windows, Linux, Solaris, etc. allowing them to get to market quickly across a range of targets. The BianLian variant encrypts inside a file and adds a new file extension. For encryption, the malware divides the file content into small chunks is a method to evade detection by Anti-Virus products. Read more here.

What BianLian shows us is that the community of bad actors are getting smarter, using advanced technology and outsmarting existing and traditional security tools. There are several approaches that are becoming less effective against these new variants.

Signature-based Scanning

Many data protection vendors have added signature-based scanning tools to their backups to find known malware. Signature-based scanning has some value with backup data during restoration, such as scanning for known malware with a known signature to avoid restore the malware after an attack. The question to ask here is if the malware was not detected using the current signature watchlist in production, then why do you think you will have any success in scanning your backups with these same signatures?

New variants, including BianLian, are being designed to evade signature-based approaches. A simple change in the encryption algorithm will change the signature of any variant. This is why signatures must be updated on a continual basis, a never-ending and less successful battle.

Metadata Analysis and Data Thresholds

The use of concepts such as metadata analysis and data thresholds have also become commonplace for backup software vendors, but they can be easily outsmarted by bad actors using more advanced approaches. Examples of metadata analysis includes scanning for extensions known to be used when data is corrupted. In the case of…

…Read more

Visit source

We use income earning auto affiliate links. More on Sponsored links.
Advertisement Amazon

Related Posts