Feb 15, 2023The Hacker News
Bad actors love to deliver threats in files. Persistent and
persuasive messages convince unsuspecting victims to accept and
open files from unknown sources, executing the first step in a
cyber attack.
This continues to happen whether the file is an EXE or a
Microsoft Excel document. Far too often, end users have an illusion
of security, masked by good faith efforts of other users and
(ineffective) security controls. This creates a virality effect for
ransomware, malware, spyware, and annoying grayware and adware to
be spread easily from user to user and machine to machine. To stop
users from saying, “I reject your reality and substitute my own!” –
it’s time to bust some myths about file-based attacks.
Testing in three! Two! One! Register here[1] and join Zscaler’s
Vinay Polurouthu, Principal Product Manager, and Amy Heng, Product
Marketing Manager, to:
- Bust the 9 most common assumptions and myths about file-based
threats - Uncover the latest evasion trends and detect stealthy delivery
methods - Prevent patient zero infections and zero-day security events
from unknown files
Secure Your Spot: Register Now[2]
The fundamental problems when it comes to stopping
file-based threats
Digital communication would not be possible without file
sharing. Whether we are opening an exported Excel file with a
Salesforce report or downloading a new note taking software, we are
using files to share information and perform critical tasks.
Much like other habitual actions like driving, we develop
assumptions and an over reliance on heuristics towards files and
the security controls that protect us against viruses and malware.
When our guardrails are down, we are susceptible to file-based
attacks.
File-based attacks are attacks that use modified files that
contain malicious code, script, or active content to deliver
threats to users or devices. Threat actors use social engineering
techniques to convince users to open and execute files and launch
cyber attacks. Beyond preying on human behavior, threat actors
program evasive techniques into their files like obfuscation
information or file deletion, making it difficult for existing
tools to detect threats.
Preventing file-based attacks stops zero-day attacks &
patient-zero infections
No one wants to be the first documented victim of a cyber
attack. However, file-based attacks continue to be successful
because businesses still rely on signature-based detection.
The Zscaler ThreatLabz research team discovered the infostealer
malware hiding in pirated software. The threat actors used fake
shareware sites where visitors would download a file that
masqueraded as cracked software. Instead of the intended software,
the payload contained RedLine or RecordBreaker malware, which
collects stored browser passwords, auto-complete data, and
cryptocurrency files and wallets. This attack is difficult to
detect because the threat actors would generate a new
password-protected zip file with every download transaction.
Listing MD5’s would be ineffective.
Stopping zero-day attacks and patient-zero infections requires
inline protection and intelligent, dynamic analysis.
A webinar to figure out what’s fact and what’s fiction
about file-based threats
Leave your assumptions about file-based threats at the door. We
gathered nine most common myths about files, ranging from how
endpoint security may not be enough to block (or not to block)
Macros in Microsoft documents.
Ready to bust some myths? Register for the webinar here[3].
Found this article interesting? Follow us on Twitter [4]
and LinkedIn[5]
to read more exclusive content we post.
References
- ^
Register
here (thehacker.news) - ^
Secure
Your Spot: Register Now (thehacker.news) - ^
Register
for the webinar here (thehacker.news) - ^
Twitter
(twitter.com) - ^
LinkedIn
(www.linkedin.com)
Read more https://thehackernews.com/2023/02/webinar-mythbusting-special-9-myths.html