New Locky Strain Evades Machine Learning Security Software

CyberheistNews describes how the new strain of Locky virus works

Virus eludes machine learning detection

Here is the latest tactic in the cat-and-mouse game between cybercrime and security software vendors. The bad guys have come up with a new ransomware phishing attack, tricking users into opening what appears to be a document scanned from an internal Konica Minolta C224e.

This model is one of the most popular business scanner/printers in the world. The emails are written to make the user think that the communication is from a vendor. Continue to the full article to see how the virus is being delivered.

… Here is how it evades machine learning

“Machine learning algorithms need to extract the attachment, open the archive, extract the script and understand it has a malicious intent,” said Orhan, the Comodo research head. “But usually, these scripts contain just a download component and do not have malicious intent on their own.”

“That’s why even machine learning is not sufficient in making these kinds of detections,” he continued. “Complex solutions are needed to run the script dynamically, download the actual payload, and perform malware analysis to conclude that it is phishing.”

In other words, it looks like the bad guys are once again ahead of your spam filters, whether those are the traditional or the new machine-learning flavor.

Now, the Locky payload still ultimately uses an executable file written to disk, so your endpoint security may be able to block it. There are other types of attacks that take advantage of machine learning blind spots (fileless attacks, for example), but this isn’t one of them. What the bad guys behind Locky count on is cranking out so many new variants that antivirus (even some machine learning ones) won’t recognize and block it…

Source: CyberheistNews Vol 7 #39 New Evil Locky Ransomware Strain Evades Machine Learning Security Software
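The gap Orhan describes (the archive wraps a script that is only a downloader, so static inspection of the script alone finds nothing it can call malicious) can be narrowed at the mail gateway without executing anything: a script of any kind inside an archive dressed up as a scanner job is itself grounds to hold the message. The Python below is an added example written for this post, not code from CyberheistNews, Comodo or E2 Computers; the extension list, indicator strings, scanner-name pattern and sample attachment are all assumptions constructed for the demonstration.

```python
import io
import re
import zipfile

# Assumed: script types that a mail client hands straight to a script host.
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".cmd", ".bat", ".ps1")

# Assumed: strings that mark a script as a downloader rather than a document.
DOWNLOADER_INDICATORS = (
    "MSXML2.XMLHTTP", "WinHttp.WinHttpRequest", "ADODB.Stream",
    "WScript.Shell", "Scripting.FileSystemObject", "http://", "https://",
)

# Assumed: attachment names that imitate output of an office scanner such as the C224e.
SCANNER_LURE = re.compile(r"scan|konica|minolta|c224e", re.IGNORECASE)


def triage_attachment(filename: str, data: bytes) -> dict:
    """Static triage of one attachment: list scripts found inside an archive, note
    downloader indicators in them, and return a verdict a gateway rule can enforce."""
    findings = {"attachment": filename, "lure": bool(SCANNER_LURE.search(filename)),
                "scripts": [], "indicators": [], "verdict": "allow"}
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(SCRIPT_EXTENSIONS):
                    continue
                findings["scripts"].append(info.filename)
                body = zf.read(info).decode("utf-8", errors="ignore")
                findings["indicators"].extend(s for s in DOWNLOADER_INDICATORS if s in body)
    findings["indicators"] = sorted(set(findings["indicators"]))
    # A script inside an archive is enough to hold the mail; the second-stage
    # payload never has to be fetched for this decision, which is the point.
    if findings["scripts"]:
        findings["verdict"] = "quarantine"
    elif findings["lure"]:
        findings["verdict"] = "review"  # scanner-style name, no script: human look
    return findings


def build_sample() -> bytes:
    """Constructed sample attachment: a zip named like a scanner job wrapping a
    script stub that merely mentions two indicator strings (it downloads nothing)."""
    stub = "// constructed stub: mentions MSXML2.XMLHTTP and ADODB.Stream, does nothing\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Scan_C224e_0001.js", stub)
    return buf.getvalue()
```

Calling `triage_attachment("Scan_C224e_0001.zip", build_sample())` yields a quarantine verdict with the script name and both indicators listed; a plain PDF with a scanner-style name gets "review" and anything else passes.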

Currently we are going to have to watch how this version spreads, as it seems it may be very difficult to identify in the wild. My first recommendation to my clients and customers is to back up locally and remotely. Tools from companies like Acronis, Carbonite, and many others may be the best first defense against this attack. For help with backup solutions please contact us.

Security News presented by E2 Computers, in Tarpon Springs and on the web at www.end2endsupport.com.
