A payload at the end of the attack chain, malware is continually evolving to evade detection. With advanced malicious software no longer the nation-states’ preserve, security teams are up against a growing volume of sophisticated threats designed to steal data and inflict maximum downtime on operations.
Malware preys on the emotional response of the end user, often using financial threats or health fears to get the user to respond to an email, SMS or social media post. The call to action is often to click a link or to part with information that will allow the attacker to carry out a more targeted attack or to take control of the user’s endpoint.
Sapphire offers some of the most progressive anti-malware technologies on the market. Deployed in layers alongside other countermeasures, they significantly increase threat detection chances across networks, endpoints, and the cloud.
Comprehensive: Protect endpoints, servers, networks, databases, and cloud applications from malicious software
Sophisticated: Detect and prevent the full range of obfuscation techniques used by threat actors using the latest behavioural and automated learning techniques
Strategic: Enterprise-scale management of malicious incidents with centralised reporting and logging to allow forensic investigations and management reporting
In April, Sapphire threat intelligence resources identified a sophisticated ransomware campaign utilising the Cring malware and leveraging a vulnerability (CVE-2018-13379), identified in 2019, affecting Fortinet VPN servers. The vulnerability allows a threat actor to connect to the VPN appliance with no authentication and download session files containing usernames and passwords in clear text.
Though this vulnerability has had a patch available since it was discovered, a list of known public-facing devices that were still vulnerable began to circulate around dark web forums in late 2020. The primary target of these attacks has been industrial enterprises located throughout Europe, with at least one resulting in the temporary closure of a production site.
Industrial enterprises are often tempting targets for threat actors because IT infrastructure, especially security, is generally given less importance than safety, reliability and production capacity within these environments. Due to these constraints, prevention through best practice and regular patching are the most effective methods of protecting industrial sites from attackers without compromising functionality.
Sapphire recommends implementing the following to minimise risk without impacting business.
Sapphire allows organisations to eliminate web and email security risks through isolation – moving potentially malicious web-based functions away from the network and into a secure cloud.
Web isolation, also known as remote browser isolation, is where all browsing activity is contained in an isolated cloud-based platform away from the network. All sanitised and non-executable content is rendered safely on users’ devices, therefore eliminating the risk of an attack.
Block known malicious attachments whilst isolating all other attachments. This enables users to access rendered content, so there is no impact on productivity. Reduce the risk of credential theft by preventing users from entering credentials into website forms.
Advanced malware protection requires a layered approach to preventing attacks, including continuous network scans, advanced antivirus software, IPS and more. Sapphire’s range of Next Generation Firewalls (NGFW) provides the best malware protection with the ability to identify and block malware before it enters your network.
There are many types of malware that can attack your network, including ransomware, viruses, spyware, trojans and adware. Sapphire works with the world’s leading endpoint security technologies to help organisations mitigate the issue of malware by detecting and remediating threats.
Reduce risks associated with phishing and spear-phishing, such as ransomware and malware, with Sapphire’s security awareness training. Raise general awareness of email security and the implications of opening emails, measure how susceptible users are to phishing attacks, and implement an effective improvement programme with rich training content.
Malware is short for malicious software. It is a catch-all term for any piece of software with nefarious intent designed to act on an organisation’s endpoints and networks.
Common types of malware include: