Getting ahead of Heartbleed and CryptoLocker

The idea of businesses using proactive security measures that can prevent attacks from the likes of Heartbleed and CryptoLocker, rather than just mop up the consequences afterwards, is gaining traction, with Lancope targeting new proactive tools at these two nasties in particular.


Security specialist, Lancope, has recently announced that its security research team, the racily named StealthWatch Labs, has conducted advanced research to provide cutting-edge protection against recent, destructive cyber-attacks including Heartbleed and CryptoLocker.

Through unique, behavioural-based threat detection, reverse engineering of prominent threats, and sophisticated network forensics, StealthWatch Labs uses a multi-pronged approach to keep customers shielded from devastating breaches.

Lancope continues to evolve its technology through in-depth research and the addition of new defence techniques to its StealthWatch system to allow for continuous response to today’s top threats.

“Malicious attackers have honed their craft to the point where they can evade even the most tried-and-true security technologies and best practices,” said Tom Cross, director of security research and head of StealthWatch Labs at Lancope. “Without constantly dissecting and reverse engineering their attacks, the security industry has no hope of keeping up. StealthWatch Labs relentlessly investigates attacker motives and methods to both educate customers and incorporate enhanced threat protection capabilities into the StealthWatch System, especially in the face of large-scale attacks like Heartbleed and CryptoLocker.”

Back in April, news of the OpenSSL Heartbleed vulnerability hit the tech world as the biggest software vulnerability of the year thus far. Unfortunately, since OpenSSL is used so prevalently, many organisations may be unsure whether they are vulnerable or compromised. However, using Lancope’s StealthWatch System, organisations can detect Heartbleed attacks in real time through predictive security analytics, as well as search their networks for various indicators of compromise (IOCs) from the attacks to help determine if they were previously a victim.

The StealthWatch System provides real-time detection of long flows that could be indicative of Heartbleed attacks through its ‘Suspect Long Flow’ security event, which was developed years before the Heartbleed vulnerability even surfaced.

Additionally, the latest, Version 6.5 release of the StealthWatch System enables users to create custom security events and alarms to assist with detection efforts. The system can also be used to forensically search NetFlow logs for IP addresses and traffic characteristics associated with attacks targeting the Heartbleed vulnerability.

With CryptoLocker, the goal is to encrypt a multitude of files on victims’ systems, then loudly make its presence known in order to collect money in return for a decryption key. This attack is a big problem for IT and security professionals, because unlike other types of ransomware, it is not possible to restore encrypted files even after removing the CryptoLocker malware from infected systems (unless they were backed up elsewhere).

Fortunately, CryptoLocker does have one Achilles’ heel – the need to use a domain generation algorithm (DGA) to create a multitude of domain names for command-and-control (C&C) operations. Through reverse engineering, StealthWatch Labs has found a way to quickly detect and shut down CryptoLocker attacks by incorporating this DGA into the StealthWatch Labs Intelligence Center (SLIC) Threat Feed.

Obtaining an alert on communication or attempted communication with a CryptoLocker C&C server enables organisations to quickly prevent the CryptoLocker infected host from communicating with the rest of the network, as well as hopefully limit the damage to that host. This capability is key since CryptoLocker not only encrypts local files on the originally infected system, but also tries to encrypt files on connected network drives and cloud storage services.
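The DGA-to-threat-feed idea described above can be sketched as follows. This is an added example, not Lancope's code: `toy_dga` is a hypothetical date-seeded generator standing in for the malware's real algorithm (which this article does not give), and the DNS log format, dates and addresses are constructed.

```python
import hashlib
from collections import defaultdict
from datetime import date, timedelta

TLDS = ("com", "net", "org", "info")

def toy_dga(day, count=20):
    """Hypothetical date-seeded DGA (NOT CryptoLocker's real algorithm)."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        # Map 14 hex digits to letters a-p to form the domain label.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:14])
        out.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return out

def build_feed(today, skew_days=1):
    """Pre-compute domains for today +/- skew_days to tolerate wrong host clocks."""
    feed = set()
    for offset in range(-skew_days, skew_days + 1):
        feed.update(toy_dga(today + timedelta(days=offset)))
    return feed

def hosts_to_isolate(dns_log, feed):
    """Return {client_ip: {"attempted": n, "resolved": n}} for feed hits.
    NXDOMAIN answers count: a failed lookup is still attempted C&C contact."""
    hits = defaultdict(lambda: {"attempted": 0, "resolved": 0})
    for line in dns_log:
        _ts, client, qname, rcode = line.split()
        # Normalise case and the trailing root dot before matching.
        if qname.lower().rstrip(".") in feed:
            key = "resolved" if rcode == "NOERROR" else "attempted"
            hits[client][key] += 1
    return dict(hits)

TODAY = date(2014, 6, 1)  # constructed date
FEED = build_feed(TODAY)
_d = toy_dga(TODAY)
_y = toy_dga(TODAY - timedelta(days=1))  # host whose clock is a day behind
SAMPLE_LOG = [  # constructed DNS log: timestamp, client, query name, rcode
    f"2014-06-01T09:00:01Z 10.0.0.5 {_d[0]} NXDOMAIN",
    f"2014-06-01T09:00:02Z 10.0.0.5 {_d[1].upper()}. NXDOMAIN",
    f"2014-06-01T09:00:03Z 10.0.0.5 {_d[2]} NOERROR",
    f"2014-06-01T09:00:04Z 10.0.0.9 {_y[3]} NXDOMAIN",
    "2014-06-01T09:00:05Z 10.0.0.7 www.example.com NOERROR",
]

if __name__ == "__main__":
    for host, counts in hosts_to_isolate(SAMPLE_LOG, FEED).items():
        print(host, counts)
```

A host that appears only under "attempted" has not yet reached a live C&C server, which is the window in which isolating it limits the damage.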

Through the StealthWatch Labs Intelligence Center, Lancope delivers global intelligence on the Internet’s top threats to customers and the public at large. Additionally, the SLIC Threat Feed continuously monitors customer networks for thousands of known C&C servers to provide an additional layer of protection from botnets and other sophisticated attacks.
