Today’s Security Landscape

It is easy to forget the days when the worst a computer had to worry about was a virus, a program you never meant to install, or a browser hijacker that watched your browsing and sold the data to marketing companies. Today's signature- and heuristic-based antivirus, even the free versions, catches that generation of threats reliably, because such malware is widely distributed, well known and easy to fingerprint.

Newer, more advanced threats get past standard antivirus because nothing in them matches a known signature. Ransomware is the one every business is talking about these days, and for good reason. 68% of organizations were the victim of a cyberattack last year, and 62% of those were SMBs. The number keeps rising as more attacks are launched and businesses fail to address the risk, either because "it hasn't happened to us yet" or because "my ISP does web filtering and gives me free antivirus, that's good enough." More disturbing still, 91% of the attacked organizations had all firmware and operating systems up to date. So how did this happen? How did we get to this point? And what can we do?*

First, let's look at four of the most common advanced threats that traditional antivirus won't stop.

Ransomware

Ransomware encrypts your data so that only the cybercriminal holds the key, and the key is not handed over unless the ransom is paid. Increasingly the data is also copied out before it is encrypted, which gives the attacker a second way to cash in: personal information can be sold on the dark web to criminals who steal the victims' identities, and your business's proprietary information can be sold to a competitor, most notably overseas where patent and trade-secret law is practically impossible to enforce.

Only 26% of victims who paid the ransom actually got their data back. 84% of businesses carry cyber insurance, but only 64% of those policies cover ransomware attacks. $760,000 is the average cost for a small business to deal with a ransomware attack, including the litigation that follows and the lost revenue.*

Phishing

Cybercriminals try to get information out of you through a deceptive email, a phone call, or even by walking into your building posing as a contractor. Strictly speaking, phishing is the email form; the phone and in-person versions are the same social engineering over other channels. The value of walking in is that they can look at computer screens and talk to employees as they pass by. As they gather information about your life or your company, they build a picture of its structure. In elaborate cases the criminals do not act on the information immediately. They use it to map the business, including who reports to whom, so that they can later write an email appearing to come from someone higher up the food chain than you, which makes the request credible. I've seen emails appearing to come from the CEO that ask a manager to go and buy gift cards because the CEO forgot his niece's birthday and his assistant was busy. The email even referred to the CEO's assistant by name. This manipulator clearly took time and did research, all to make the threat seem more legitimate. This variant is known as business email compromise, or CEO fraud, and gift cards are the favourite payout because the codes can be drained within minutes and the purchase cannot be reversed.
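The indicators a reader (or a mail filter) can check for in an email like the gift-card one above, as an added example that is not part of the original post: a display name matching an executive but an address that is not theirs, a sender domain that is external or a look-alike of the company's, a Reply-To that quietly redirects the conversation, and the lure wording itself. The company domain, executive list, keyword list and both sample messages are constructed for illustration.

```python
"""Heuristic checks for a CEO-fraud style phishing email.

Added example, not code from the original post. The company domain,
executive list, keyword list and the sample messages are all constructed
for illustration.
"""
import email
from email import policy
from email.utils import parseaddr

# Hypothetical organisation: its mail domain and the executives most likely
# to be impersonated, keyed by the display name a reader would see.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pat smith": "pat.smith@example.com"}

# Wording typical of the gift-card lure: urgency, secrecy, an irreversible
# payment method, and a reason the "executive" cannot be reached to verify.
LURE_WORDS = ("gift card", "urgent", "right away", "keep this between us",
              "can't talk right now", "wire transfer")

# Digits commonly swapped for look-alike letters in spoofed domains.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})


def looks_like(domain: str, target: str) -> bool:
    """True if `domain` is a cheap visual imitation of `target` (not equal to it)."""
    if domain == target:
        return False
    return (domain.translate(CONFUSABLES) == target
            or domain.replace("rn", "m") == target)


def phishing_indicators(raw: bytes) -> list:
    """Return the list of indicator names found in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_addr = from_addr.lower()
    from_domain = from_addr.rpartition("@")[2]
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))

    # 1. The display name is a known executive, but the address is not theirs.
    expected = EXECUTIVES.get(from_name.strip().lower())
    if expected and from_addr != expected:
        findings.append("exec-impersonation")

    # 2. The sender is outside the company, possibly on a look-alike domain.
    if from_domain != COMPANY_DOMAIN:
        findings.append("external-sender")
        if looks_like(from_domain, COMPANY_DOMAIN):
            findings.append("lookalike-domain")

    # 3. Replies are silently redirected somewhere other than the visible sender.
    if reply_addr and reply_addr.lower() != from_addr:
        findings.append("reply-to-mismatch")

    # 4. The text uses the classic lure wording.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(word in text for word in LURE_WORDS):
        findings.append("lure-wording")

    return findings


# Constructed sample modelled on the gift-card email described above.
SAMPLE_LURE = b"""From: Pat Smith <pat.smith@examp1e.com>
Reply-To: pat.smith.ceo@mail-relay.test
To: jordan@example.com
Subject: quick favor
Content-Type: text/plain; charset=us-ascii

Jordan, I'm in meetings and can't talk right now. I forgot my niece's
birthday and Alex is out of the office. Could you buy four $100 gift cards
and send me the codes? Keep this between us. Thanks, Pat
"""

# Constructed benign message from the real executive, for comparison.
SAMPLE_BENIGN = b"""From: Pat Smith <pat.smith@example.com>
To: jordan@example.com
Subject: Q3 numbers
Content-Type: text/plain; charset=us-ascii

Jordan, the Q3 numbers are in the shared folder. Pat
"""

if __name__ == "__main__":
    print("lure:  ", phishing_indicators(SAMPLE_LURE))
    print("benign:", phishing_indicators(SAMPLE_BENIGN))
```

None of these checks is proof on its own; the lure wording check in particular will flag a real executive who really is in a hurry. The point is that the constructed lure trips all five while the genuine message trips none, and that the first three indicators come from headers the reader never looks at, which is exactly why a "hover over the sender" habit and a mail gateway that tags external senders matter.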

Exploit

An exploit is what a crook uses once they have found a vulnerability, whether in unpatched firmware, an outdated operating system, or a flaw nobody has yet discovered or mitigated (a zero-day), to gain access to the operating system and make the installed apps and programs do things you would never agree to let them do. Patching closes the known holes; it does nothing for the unknown ones, which is how organizations that were fully up to date still got hit.

Cryptojacking

Put the words cryptocurrency and hijacking together and you get cryptojacking. This may be the first time you've heard of it, because it is one of the newest types of threat. A typical bank owns a server farm that processes its transactions, a centralized system. Cryptocurrencies are decentralized: anyone can put up their own hardware to validate transactions and add them to the ledger (mining), and is paid in the currency as a reward for the effort. As prices of cryptocurrencies climb, so does the value of that reward, and with it the demand for processing power. Cybercriminals now gain access to devices and run mining software on them to claim the reward for themselves; they can also plant a script on a website so that every visitor's browser mines for them. Either way they are using your hardware, electricity and processing power to earn money. This "hijacking" of your system usually goes on without your knowledge, and poor performance, fans running flat out and a higher electric bill may be the only symptoms.

Threat Vectors

These threats typically get into a network because end users have not been taught how to recognize the various types of attack. Sometimes a USB drive left in a parking lot is picked up and plugged in by a curious employee; more often someone clicks a link or opens an attachment in an email. The chart below breaks down, by percentage, how attacks start.

The next chart breaks down the types of attacks.

Cloud Security

70% of organizations using cloud services experienced a security issue last year. The days when an organization kept its whole network behind a firewall in its own building are gone; networks now extend into private and public clouds. Is your cloud vendor taking security as seriously as you are? Is the connection between your office and the cloud service secure? And is the service itself configured correctly? 66% of public cloud users were breached through a security misconfiguration, and 33% of breaches involved stolen cloud account credentials.** Under the shared-responsibility model the provider secures the underlying infrastructure, but how your storage, network rules and user accounts are configured is yours to get right.

Endpoint Detection and Response

Traditional antivirus uses history to stop threats. When an antivirus company learns of a new piece of malware, analysts extract a signature from it, a file hash or a distinctive byte pattern, and push it out to the list of known threats. That is why it matters that antivirus updates are downloaded daily if the software doesn't do it automatically. This works very well for known threats, but poorly for never-before-seen threats, for new malware that reuses only fragments of known code, or for attacks that leave no file to sign at all. On top of that, 75% of malware is unique to a single organization. That means the code was tailor-made for one specific attack, so a traditional signature would never exist for it. We need a modern solution for modern threats, and that is where Intercept X by Sophos comes in.

How it works

CryptoGuard is a signature-less component that watches processes for behaviour consistent with encrypting files without your consent, such as rewriting document after document with content that no longer looks like the original file. Before a suspect write goes through, it keeps a copy of the file in a separate location; if the process is judged to be ransomware it is stopped and the documents are automatically reverted to their pre-encrypted form. This is a fantastic defence against ransomware because it judges what a program does rather than what it is, so a brand-new sample that no analyst has ever seen is still caught the moment it starts encrypting, with no human having to feed the product a description of it first. Intercept X pairs this with a deep learning model for detecting malicious files. Machine learning here does not mean software that rewrites its own code; it means a model whose parameters are fitted to a very large labelled set of clean and malicious files, so that it can classify a file it has never seen. Deep learning is machine learning where that model is a multi-layer neural network. The model gives a single verdict, a probability that the file is malicious, without the file's hash or any byte pattern having to be on a list, which is what lets it scale to threats that appear faster than signatures can be written.

To round out the protection, Intercept X also includes exploit prevention. Rather than recognizing a particular piece of malware, it blocks the handful of techniques almost every exploit relies on to get its code running, such as heap spraying or return-oriented programming. Because the technique is blocked before the payload is delivered, it prevents rather than merely detects, which is why it holds up against unknown threats and zero-day vulnerabilities.
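To make the two ideas above concrete, here is an added illustration, not Sophos code and not how Intercept X is implemented. The first half shows why the signature approach described under Endpoint Detection and Response misses a sample that has merely been re-packed; the second half imitates the behaviour-plus-rollback idea the text attributes to CryptoGuard: keep a copy of the file before a write, judge the written content, and restore the copy if the write looks like encryption. The "malware" bytes, the toy cipher standing in for the attacker's encryption, the entropy threshold and the sample document are all constructed for this example.

```python
"""Why a signature misses a re-packed sample, and how behaviour-based
rollback still catches it.

Added illustration, not Sophos code. The "malware" bytes, the toy cipher,
the entropy threshold and the sample document are constructed for this
example.
"""
import hashlib
import math
import tempfile
from pathlib import Path

# ---- Signature matching: what traditional antivirus does ------------------
# Hypothetical known sample: a marker string plus some padding bytes.
KNOWN_SAMPLE = b"ENCRYPT_ALL_DOCS" + bytes(range(16))
KNOWN_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
KNOWN_PATTERNS = [b"ENCRYPT_ALL_DOCS"]

# The same program trivially re-packed (every byte XORed with 0x20). No
# analyst has seen this form, but its behaviour is unchanged.
REPACKED_VARIANT = bytes(b ^ 0x20 for b in KNOWN_SAMPLE)


def signature_match(sample: bytes) -> bool:
    """Hash or byte-pattern match against the known-bad list."""
    return (hashlib.sha256(sample).hexdigest() in KNOWN_HASHES
            or any(p in sample for p in KNOWN_PATTERNS))


# ---- Behavioural detection with rollback ---------------------------------
def shannon_entropy(data: bytes) -> float:
    """Bits per byte: English text sits around 4-5, encrypted data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


ENTROPY_JUMP = 2.0  # assumed threshold: rise in bits/byte that flags a write


class WriteGuard:
    """Sits in front of file writes: snapshot, apply, score, revert if bad."""

    def __init__(self, shadow_dir: Path):
        self.shadow_dir = shadow_dir
        self.shadow_dir.mkdir(parents=True, exist_ok=True)
        self.reverted = []

    def write(self, path: Path, new_content: bytes) -> bool:
        """Apply the write; return True if it was judged ransomware and undone."""
        old = path.read_bytes() if path.exists() else b""
        shadow = self.shadow_dir / hashlib.sha256(str(path).encode()).hexdigest()
        shadow.write_bytes(old)            # pre-write copy kept elsewhere
        path.write_bytes(new_content)      # let the write happen
        jump = shannon_entropy(new_content) - shannon_entropy(old)
        if old and jump > ENTROPY_JUMP:    # content stopped looking like the original
            path.write_bytes(shadow.read_bytes())
            self.reverted.append(path)
            return True
        return False


def toy_stream_cipher(data: bytes, key: bytes) -> bytes:
    """Stand-in for the attacker's encryption: SHA-256 counter-mode keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# Constructed document standing in for a business file.
SAMPLE_DOC = (b"Master services agreement between the Customer and the Supplier. "
              b"The Supplier shall provide the services described in Schedule A, "
              b"and the Customer shall pay the fees listed in Schedule B within "
              b"thirty days of invoice. Either party may terminate for material "
              b"breach not cured within thirty days of written notice.\n")


def simulate() -> dict:
    """Run a benign edit and an in-place encryption through the guard."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        doc = root / "contract.txt"
        doc.write_bytes(SAMPLE_DOC)
        guard = WriteGuard(root / "shadow")

        edited = SAMPLE_DOC + b"Appendix: signed by both parties.\n"
        benign_reverted = guard.write(doc, edited)
        ransom_reverted = guard.write(doc, toy_stream_cipher(doc.read_bytes(), b"victim-key"))
        return {
            "signature_catches_known": signature_match(KNOWN_SAMPLE),
            "signature_catches_variant": signature_match(REPACKED_VARIANT),
            "benign_edit_reverted": benign_reverted,
            "encryption_reverted": ransom_reverted,
            "document_intact": doc.read_bytes() == edited,
        }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name:28s} {value}")
```

Two caveats a practitioner would add. An entropy jump alone misfires on files that are already compressed or encrypted (ZIPs, JPEGs, PDFs with compressed streams, password-protected archives), so real products combine it with file-type checks, the rate of writes across many files, canary files and process lineage. And a user-space wrapper like this one is trivially bypassed; the interception has to live where the malware cannot skip it (on Windows, a filesystem minifilter driver), and the shadow copies have to be somewhere ransomware cannot reach, since deleting Volume Shadow Copies is one of the first things most ransomware families do.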

*UK-based independent research house Vanson Bourne interviewed 3,100 IT decision makers between December 2018 and January 2019, split across 12 countries and 6 continents.
To provide a representative size split, within each country, respondents were split equally between 100-1000 user organizations and 1001-5000 user organizations, and came from a range of industries.

** Sophos commissioned independent research house Vanson Bourne to survey 5,000 IT managers on their experiences of ransomware. Sophos had no role in the selection of respondents and all responses were provided anonymously. The survey was conducted during January and February 2020. Respondents came from 26 countries across six continents. Within each country, 50% of respondents were from organizations of between 100 and 1,000 employees, while 50% were from organizations of between 1,001 and 5,000 employees. The sectors surveyed were both public and private.