Advancements in technology and processing such as Artificial Intelligence have brought a new kind of protection to the surface. Rather than depending on the past to predict the future (signature-based algorithms), we can now study the behaviour of a process or piece of software and respond instantly. Such real-time analysis can detect new forms of malware and attacks that have not appeared before. Being ahead of the game is the only way to win. Our solution is to stop the process immediately and DISCONNECT/ISOLATE the infected machine from the network to prevent the infection from propagating to other machines.
FIND-IT, FIX-IT AND SECURE-IT
We call it “FIND-IT, FIX-IT and SECURE-IT”. Why wait for a hack to occur when we can stop it? How can you eliminate the possibility of an attack and be sure that you can recover fast with zero downtime? As you probably know, the weakest link in your organization is not the servers but an employee’s desktop or laptop. The weakest links in an organization’s infrastructure are first its humans and second its desktops.
AS AN EXAMPLE
Crypto-miners are becoming alarmingly widespread. In fact, a new form of sophisticated miner was recently discovered. The miner, named GhostMiner, uses advanced techniques copied from the malware world. For example, it uses the Windows built-in PowerShell framework to run in file-less mode. This technique is a popular practice among malware, allowing it to run completely from memory and leave no trace on the file system. As a result, GhostMiner is less susceptible to detection by conventional anti-malware solutions. Furthermore, GhostMiner looks to spread across the environment. It scans random IP addresses, looking to attack servers running MSSQL, Oracle WebLogic and phpMyAdmin. GhostMiner also leverages a hard-coded blacklist to hunt down and kill competing miners on the victim machine. Though this kind of behaviour has been observed in the past and is not completely new, it gives us a closer look at the author’s nefarious intentions. The good news is that SentinelOne protects against GhostMiner. With its unique machine learning techniques, SentinelOne technology detects the miner’s behavioural patterns and prevents it from running. Its agent, installed on a “victim” machine, was able to detect GhostMiner and protect the endpoint from it.
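To make the behavioural approach described above concrete, here is an added illustration written for this page; it is not SentinelOne's product code and not any code from the GhostMiner analysis. It scores constructed Windows process-creation events (sample data invented for the example, not real telemetry) against the behaviours the text names: PowerShell launched to run a payload from memory, PowerShell spawned by a database or web server process such as those the miner targets, and commands that kill other processes. The parent-process list, the scoring weights and the response thresholds are assumptions chosen for the example; a real deployment would tune them and feed the verdict into an isolation workflow.

```python
# Added example (not from the original page or the vendor): behavioural triage of
# process-creation events for the file-less PowerShell pattern described above.
import re
from dataclasses import dataclass, field
from typing import List

# Heuristics for PowerShell launched in a way that keeps the payload off disk.
FILELESS_PATTERNS = {
    "encoded_command": re.compile(r"-(?:e|en|enc|encodedcommand)\b", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "download_in_memory": re.compile(r"downloadstring|downloaddata|invoke-webrequest", re.I),
    "invoke_expression": re.compile(r"\biex\b|invoke-expression", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
}
# Commands that terminate other processes (the "kill competing miners" behaviour).
KILL_PATTERN = re.compile(r"taskkill|stop-process", re.I)
# Assumption: server processes behind the services named on the page. PowerShell
# spawned directly by one of them is unexpected and raises the score.
SERVICE_PARENTS = {"sqlservr.exe", "java.exe", "php-cgi.exe", "httpd.exe"}

@dataclass
class Event:
    host: str
    pid: int
    parent_image: str
    image: str
    command_line: str

@dataclass
class Verdict:
    host: str
    pid: int
    score: int
    reasons: List[str] = field(default_factory=list)
    action: str = "allow"   # "allow" | "alert" | "terminate_and_isolate"

def score_event(ev: Event) -> Verdict:
    """Score one process-creation event; only PowerShell launches are examined."""
    v = Verdict(ev.host, ev.pid, 0)
    if ev.image.lower() != "powershell.exe":
        return v
    for name, pattern in FILELESS_PATTERNS.items():
        if pattern.search(ev.command_line):
            v.score += 2
            v.reasons.append(name)
    if ev.parent_image.lower() in SERVICE_PARENTS:
        v.score += 3
        v.reasons.append(f"spawned_by_{ev.parent_image.lower()}")
    if KILL_PATTERN.search(ev.command_line):
        v.score += 2
        v.reasons.append("kills_other_processes")
    # Assumed thresholds: high confidence -> stop the process and cut the host
    # off the network, as the page's response model prescribes.
    if v.score >= 5:
        v.action = "terminate_and_isolate"
    elif v.score >= 2:
        v.action = "alert"
    return v

def triage(events: List[Event]) -> List[Verdict]:
    return [score_event(e) for e in events]

def hosts_to_isolate(verdicts: List[Verdict]) -> List[str]:
    """Hosts with at least one verdict that calls for network isolation."""
    return sorted({v.host for v in verdicts if v.action == "terminate_and_isolate"})

# Constructed sample events (invented for this example, not real telemetry).
SAMPLE_EVENTS = [
    # Hidden, profile-less, encoded PowerShell spawned by the SQL Server process.
    Event("db01", 4120, "sqlservr.exe", "powershell.exe",
          "powershell.exe -NoP -W Hidden -Enc QQBCAEMA"),   # placeholder payload
    # Follow-up that kills a (fictional) rival miner process.
    Event("db01", 4130, "powershell.exe", "powershell.exe",
          'powershell.exe -c "Stop-Process -Name competing_miner -Force"'),
    # Benign: an administrator running a script file from the desktop.
    Event("ws07", 2210, "explorer.exe", "powershell.exe",
          "powershell.exe -File C:\\scripts\\backup.ps1"),
    # Not PowerShell at all; ignored by the heuristics.
    Event("ws07", 2300, "explorer.exe", "notepad.exe", "notepad.exe notes.txt"),
]

if __name__ == "__main__":
    verdicts = triage(SAMPLE_EVENTS)
    for v in verdicts:
        print(f"{v.host} pid={v.pid} score={v.score} action={v.action} reasons={v.reasons}")
    print("isolate:", hosts_to_isolate(verdicts))
```

Run as-is, the script flags the encoded launch under the database process for termination and isolation, raises only an alert for the process-kill command, and leaves the benign script run and the unrelated process alone; the isolation list therefore contains db01 and not ws07.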