Detect and Respond to Malware Attacks

By: Kim Ellery | 9/25/2017

2017 has been a record-setting year for malware. Organizations and individuals around the world have been repeatedly under attack by aggressive, pervasive strains of malware, from WannaCry, Mamba and Petya to the most recent Locky strain, already pegged as the largest malware campaign of 2017, with over 23 million messages sent out in 24 hours on August 28, spiking just as US workers arrived at their offices to start the week.

Not to be outdone, Locky was chased by Ursnif, spread by a massive spambot to over 711 million email and server accounts. Ursnif drops component files onto an infected system to create auto-start registry entries, infects files, and harvests system information that it sends to a command-and-control (C2) server.

Reports have also indicated that malware in general is on the rise: Mac malware has gone up 220% in 2017, and Google Play just removed 500+ apps hit by malware that could have been used to spy on users. We could go on. Security experts the world over agree: it's no longer just about prevention, it's also about detection and rapid response capabilities.

3 Steps to Boost Your Malware Defences

The key to spotting and containing the spread of malware is already embedded in most endpoints via Absolute’s Persistence technology. Our solution, embedded at the firmware level in more than 1 billion popular PC and mobile devices, gives IT departments visibility and control of those devices, on and off the network. Here’s why that matters:

  1. Early Detection - with Absolute, you are able to see and control rogue or dark endpoints, whether they’re on or off the network. Spot and retire “out of support” systems, remove sensitive data, and monitor OS patches for compliance.
  2. Self-Healing Response - with the power of Application Persistence, you can ensure your entire endpoint security stack (made up of patch management tools and other endpoint security agents) is operating at optimal health and efficacy. If attempts are made to disable, disarm, corrupt or delete any of these applications, or even the whole OS, our self-healing technology automatically returns the device to a healthy and protected state.
  3. Containment - Absolute’s containment capabilities allow an organization to segregate infected devices from the corporate domain to prevent further spread. Our Containment services interact with a company’s firewall to block web traffic to and from devices faster than manual efforts. Firewall rules are also constantly monitored and are re-created or repaired if a user tries to modify them.
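Steps 2 and 3 both describe the same underlying pattern: a desired state (security agents running, containment firewall rules present) that is continuously compared against what the endpoint actually looks like, with any drift repaired automatically. The following is an added illustration of that reconcile loop, not Absolute's code or a description of how Persistence is implemented. It runs against a simulated host; the service names (`edr-agent`, `patch-agent`), the rule set, and the management hostname are all constructed placeholders.

```python
"""Desired-state reconciliation for endpoint self-healing and containment.

Added example (not Absolute's code). Models steps 2 and 3 above as an
idempotent reconcile loop over a simulated host: observe the current state,
diff it against the desired state, repair the difference, and report what
was done. Every service, rule and host name here is constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class FirewallRule:
    direction: str  # "in" or "out"
    action: str     # "block" or "allow"
    target: str     # CIDR or hostname the rule applies to


@dataclass
class HostState:
    """Observed state of one endpoint (simulated; constructed input)."""
    running_services: set = field(default_factory=set)
    firewall_rules: set = field(default_factory=set)


@dataclass(frozen=True)
class DesiredState:
    required_services: frozenset
    containment_rules: frozenset


def compute_drift(observed, desired):
    """Return (missing_services, missing_rules) relative to the desired state."""
    missing_services = desired.required_services - observed.running_services
    missing_rules = desired.containment_rules - observed.firewall_rules
    return missing_services, missing_rules


def reconcile(observed, desired):
    """Repair drift in place; return the actions taken (empty when already healthy)."""
    actions = []
    missing_services, missing_rules = compute_drift(observed, desired)
    for svc in sorted(missing_services):
        observed.running_services.add(svc)          # stand-in for restarting the agent
        actions.append(f"restarted service {svc}")
    for rule in sorted(missing_rules, key=lambda r: (r.direction, r.action, r.target)):
        observed.firewall_rules.add(rule)           # stand-in for re-creating the rule
        actions.append(f"re-created firewall rule {rule.direction}/{rule.action} {rule.target}")
    return actions


# Hypothetical containment policy: isolate the host from everything except a
# management host so the security team can still reach it.
CONTAINMENT = DesiredState(
    required_services=frozenset({"edr-agent", "patch-agent"}),
    containment_rules=frozenset({
        FirewallRule("in", "block", "0.0.0.0/0"),
        FirewallRule("out", "block", "0.0.0.0/0"),
        FirewallRule("out", "allow", "mgmt.example.internal"),  # placeholder name
    }),
)


def simulate_tampered_host():
    """Constructed host on which the EDR agent was stopped and the outbound block removed."""
    return HostState(
        running_services={"patch-agent"},
        firewall_rules={
            FirewallRule("in", "block", "0.0.0.0/0"),
            FirewallRule("out", "allow", "mgmt.example.internal"),
        },
    )


if __name__ == "__main__":
    host = simulate_tampered_host()
    print(reconcile(host, CONTAINMENT))   # first pass repairs the two drifted items
    print(reconcile(host, CONTAINMENT))   # second pass finds no drift and does nothing
```

The second pass returning an empty action list is the property that matters: the loop is idempotent, so it can run on every check-in without producing noise, and the non-empty action list from the first pass is itself a detection signal worth forwarding to the SOC (an agent that keeps needing to be restarted is being tampered with). A production version would additionally verify rule order and precedence on the host firewall, since a membership check alone cannot tell whether the "allow management" rule is evaluated before the "block all" rule.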

The way to contain the damage is ultimately greater awareness, automation, a strong IT asset management program, and a more resilient defense-in-depth architecture. Absolute technology allows security teams to maintain absolute visibility and contain malware-infected devices faster. If you have questions or concerns regarding Locky, WannaCry or other security issues in your organization, please contact our security experts in North America or the UK.
