G DATA Techblog: Malware Analysis with a Graph Database

November 28, 2018

As an anti-virus vendor, we analyse several hundred thousand potential malware samples per day. We have to classify these new samples, which first of all means deciding whether a sample is benign or malicious. If it is malicious, we want to know whether it belongs to a malware family we already know or whether it is completely new malware. When the sample is completely new, a human analyst should probably take a look at it and create a new detection. If it belongs to an already known family, we improve that family’s detection where necessary so that it also covers the new sample.

Spotlight

Risk Crew

Risk Crew UK are an elite group of product-independent, information governance, risk, and compliance management professionals. We’re the forerunners in the design and delivery of effective business information and communication technology risk and security solutions for supply chain risk management and one of the very few firms that specialise in testing for the presence of advanced persistent threats.

OTHER ARTICLES

A 4 Step Guide to Stronger OT Cybersecurity

Article | April 14, 2020

Security and risk management leaders at organizations around the world are increasingly concerned about cybersecurity threats to their operational technology (OT) networks. A key driver behind this is that cyberthreats, like disruptionware, are increasing in quantity and sophistication all the time. Industrial control system (ICS) networks are categorized as high risk because they are inherently insecure, increasingly so because of expanding integration with the corporate IT network, as well as the rise of remote access for employees and third parties. An example of an IT network within a control system is a PC that’s running HMI or SCADA applications. Because this particular PC wasn’t set up with the initial intention of connecting to IT systems, it typically isn’t managed, so it can’t receive the latest operating system, patches, or antivirus updates. This makes that PC extremely vulnerable to malware attacks. Besides the increased cyberthreat risk, the complexity resulting from IT–OT integration also increases the likelihood of networking and operational issues.

Delivering on the promise of security AI to help defenders protect today’s hybrid environments

Article | April 14, 2020

Technology is reshaping society – artificial intelligence (AI) is enabling us to increase crop yields, protect endangered animals and improve access to healthcare. Technology is also transforming criminal enterprises, which are developing increasingly targeted attacks against a growing range of devices and services. Using the cloud to harness the largest and most diverse set of signals – with the right mix of AI and human defenders – we can turn the tide in cybersecurity. Microsoft is announcing new capabilities in AI and automation available today to accelerate that change. Cybersecurity always comes down to people – good and bad. Our optimism is grounded in our belief in the potential for good people and technology to work in harmony to accomplish amazing things. After years of investment and engineering work, the data now shows that Microsoft is delivering on the potential of AI to enable defenders to protect data and manage risk across the full breadth of their digital estates.


CISOS PARTICIPATE IN CYBER WARGAMES TO HONE RANSOMWARE RESPONSE PLANS WITH EC-COUNCIL

Article | April 14, 2020

EC-Council, leading global information security certification body, conducted a table-top, cyber wargame among top cybersecurity executives in Tampa, Florida. The sold-out session, “CISO wargame,” included 27 senior executives from the largest managed IT service providers in the United States. The event presented the security experts with a simulated incident where an organization is hit by a ransomware attack. Participants had to work to contain the damage of the attack, which grew more complicated as the 4-hour exercise unfolded. Participants were tasked with deciding whether to pay a ransom and use ransom negotiators as well as to communicate with employees, stockholders, and the media about the breach.


Wormable, Unpatched Microsoft Bug Threatens Corporate LANs

Article | April 14, 2020

Microsoft is warning on a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol – the same protocol that was targeted by the infamous WannaCry ransomware in 2017. The critical bug (CVE-2020-0796) affects Windows 10 and Windows Server 2019, and was not included in Microsoft’s Patch Tuesday release this week. The bug can be found in version 3.1.1 of Microsoft’s SMB file-sharing system. SMB allows multiple clients to access shared folders and can provide a rich playground for malware when it comes to lateral movement and client-to-client infection. This was played out in version 1 of SMB back in 2017, when the WannaCry ransomware used the NSA-developed EternalBlue SMB exploit to self-propagate rapidly around the world.