Proactive threat protection not updating
The FortiSandbox, a core component of Fortinet’s Advanced Threat Protection, is prepared for this next generation of ransomware with its proactive signature detection and behavioral analysis. Traditional signature detection relies on encountering an exact match of known malicious code.
In many ways, it will begin to behave like a human attacker: performing reconnaissance, identifying targets, choosing methods of attack, and intelligently evading detection.” In other words, hackers are making their ransomware smarter by giving it the ability to detect and evade security measures. One instance of these more intelligent attacks was recently reported within the Cerber family of ransomware, which researchers found contains anti-sandbox and anti-detection technology to increase its chances of both infection and persistence.
Even worse, when the Petya ransomworm was launched a few weeks later, using the exact same attack vectors as WannaCry, tens of thousands of organizations were still affected. These attacks, though largely mitigated, are still active, and serve as a reminder that cybercriminals are constantly on the lookout for easy targets and coming up with new ways to infiltrate them.
As we help organizations gear up to protect themselves from ransomware, security channel partners must be aware of the updated features they are combating, such as the development of security evasion techniques, and offer their customers effective and competitive solutions.
Fortinet’s ATP solution is uniquely qualified to keep your customers’ networks a step ahead of cybercriminals, and protect them from current and future iterations of ransomware for three key reasons.
First, it already provides the ultimate solution to the looming ransomware threat through the FortiSandbox and its CPRL pre-filtering, which determines if malicious code is searching for a sandbox in order to evade security measures.
We also recently learned that WannaCry used an anti-sandbox program, albeit one that was poorly planned, as the ransomware was mitigated by being tricked into thinking it was in a sandbox environment and thereby destroying itself.
Sandboxes are a popular security measure that executes potentially threatening code in an isolated, virtual environment.
This ensures security systems are armed with the most up-to-date threat information and the protocols needed to combat them.