We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
Security specialist, Lancope, has recently announced that its security research team, the racily named StealthWatch Labs, has conducted advanced research to provide cutting-edge protection against recent, destructive cyber-attacks including Heartbleed and CryptoLocker.
Through unique, behavioural-based threat detection, reverse engineering of prominent threats, and sophisticated network forensics, StealthWatch Labs uses a multi-pronged approach to keep customers shielded from devastating breaches.
Lancope continues to evolve its technology through in-depth research and the addition of new defence techniques to its StealthWatch system to allow for continuous response to today’s top threats.
“Malicious attackers have honed their craft to the point where they can evade even the most tried-and-true security technologies and best practices,” said Tom Cross, director of security research and head of StealthWatch Labs at Lancope. “Without constantly dissecting and reverse engineering their attacks, the security industry has no hope of keeping up. StealthWatch Labs relentlessly investigates attacker motives and methods to both educate customers and incorporate enhanced threat protection capabilities into the StealthWatch System, especially in the face of large-scale attacks like Heartbleed and CryptoLocker.”
Back in April, news of the OpenSSL Heartbleed vulnerability the tech world as the biggest software vulnerability of the year thus far. Unfortunately, since OpenSSL is used so prevalently, many organisations may be unsure whether they are vulnerable or compromised. However, using Lancope’s StealthWatch System, organisations can detect Heartbleed attacks in real time through predictive security analytics, as well as search their networks for various indicators of compromise (IOCs) from the attacks to help determine if they were previously a victim.
The StealthWatch System provides real-time detection of long flows that could be indicative of Heartbleed attacks through its `Suspect Long Flow’ security event, which was developed years before the Heartbleed vulnerability even surfaced.
Additionally, the latest, Version 6.5 release of the StealthWatch System enables users to create custom security events and alarms to assist with detection efforts. The system can also be used to forensically search NetFlow logs for IP addresses and traffic characteristics associated with attacks targeting the Heartbleed vulnerability.
With CryptoLocker, the goal is to encrypt a multitude of files on victims’ systems, then loudly make its presence known in order to collect money in return for a decryption key. This attack is a big problem for IT and security professionals, because unlike other types of ransomware, it is not possible to restore encrypted files even after removing the CryptoLocker malware from infected systems (unless they were backed up elsewhere).
Fortunately, CryptoLocker does have one Achilles’ heel – the need to use a domain generation algorithm (DGA) to create a multitude of domain names for command-and-control (C&C) operations. Through reverse engineering, StealthWatch Labs has found a way to quickly detect and shut down CryptoLocker attacks by incorporating this DGA into the StealthWatch Labs Intelligence Center (SLIC) Threat Feed.
Obtaining an alert on communication or attempted communication with a CryptoLocker C&C server enables organisations to quickly prevent the CryptoLocker infected host from communicating with the rest of the network, as well as hopefully limit the damage to that host. This capability is key since CryptoLocker not only encrypts local files on the originally infected system, but also tries to encrypt files on connected network drives and cloud storage services.
Through the StealthWatch Labs Intelligence Center, Lancope delivers global intelligence on the Internet’s top threats to customers and the public at large. Additionally, the SLIC Threat Feed continuously monitors customer networks for thousands of known C&C servers to provide an additional layer of protection from botnets and other sophisticated attacks.
