Bad actors love to deliver threats in files. Persistent and persuasive messages convince unsuspecting victims to accept and open files from unknown sources, executing the first step in a cyber attack.
This continues to happen whether the file is an EXE or a Microsoft Excel document. Far too often, end users have an illusion of security, masked by the good-faith efforts of other users and (ineffective) security controls. This creates a virality effect in which ransomware, malware, spyware, and annoying grayware and adware spread easily from user to user and machine to machine. To stop users from saying, “I reject your reality and substitute my own!”, it’s time to bust some myths about file-based attacks.
Testing in three! Two! One! Register here and join Zscaler’s Vinay Polurouthu, Principal Product Manager, and Amy Heng, Product Marketing Manager, to:
- Bust the 9 most common assumptions and myths about file-based threats
- Uncover the latest evasion trends and detect stealthy delivery methods
- Prevent patient zero infections and zero-day security events from unknown files
The fundamental problems when it comes to stopping file-based threats
Digital communication would not be possible without file sharing. Whether we are opening an exported Excel file with a Salesforce report or downloading new note-taking software, we are using files to share information and perform critical tasks.
As with other habitual actions such as driving, we develop assumptions about files and an overreliance on heuristics and on the security controls that protect us against viruses and malware. When our guard is down, we are susceptible to file-based attacks.
File-based attacks use modified files that contain malicious code, scripts, or active content to deliver threats to users or devices. Threat actors use social engineering techniques to convince users to open and execute files and launch cyber attacks. Beyond preying on human behavior, threat actors program evasive techniques into their files, such as information obfuscation or file deletion, making it difficult for existing tools to detect threats.
Preventing file-based attacks stops zero-day attacks & patient-zero infections
No one wants to be the first documented victim of a cyber attack. However, file-based attacks continue to be successful because businesses still rely on signature-based detection.
The Zscaler ThreatLabz research team discovered infostealer malware hiding in pirated software. The threat actors used fake shareware sites where visitors would download a file that masqueraded as cracked software. Instead of the intended software, the payload contained RedLine or RecordBreaker malware, which collects stored browser passwords, auto-complete data, and cryptocurrency files and wallets. This attack is difficult to detect because the threat actors would generate a new password-protected zip file with every download transaction. Because every download produces a different archive, listing MD5 hashes would be ineffective.
Stopping zero-day attacks and patient-zero infections requires inline protection and intelligent, dynamic analysis.
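An added example, not from the original post or from Zscaler: it illustrates why a list of archive MD5s misses a file that is repackaged for every download, while a hash of the contained file still matches. The payload bytes, file name and timestamps are constructed, and the archives are unencrypted because Python's zipfile module cannot write password-protected ZIPs; a password-protected archive hides its contents from this kind of static check, which is the case `needs_dynamic_analysis` flags.

```python
import hashlib
import io
import zipfile

# Constructed, benign stand-in for the file shipped inside each archive.
PAYLOAD = b"constructed placeholder bytes standing in for the packed file\n"

def build_archive(payload, member_name, stamp):
    """Pack the payload into a fresh ZIP; only the member timestamp varies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo(member_name, date_time=stamp)
        info.compress_type = zipfile.ZIP_DEFLATED
        zf.writestr(info, payload)
    return buf.getvalue()

def container_md5(archive):
    """Hash of the archive as delivered, which is what an MD5 list matches on."""
    return hashlib.md5(archive).hexdigest()

def member_hashes(archive):
    """SHA-256 of each file inside the archive (readable only if unencrypted)."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {hashlib.sha256(zf.read(name)).hexdigest() for name in zf.namelist()}

def needs_dynamic_analysis(archive):
    """True if any member has the ZIP encryption flag (bit 0) set."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())

def verdict(archive, md5_blocklist, content_blocklist):
    """Return which control, if any, catches this archive."""
    if container_md5(archive) in md5_blocklist:
        return "blocked: archive MD5"
    if needs_dynamic_analysis(archive):
        return "unknown: send to sandbox"
    if member_hashes(archive) & content_blocklist:
        return "blocked: content hash"
    return "allowed"

if __name__ == "__main__":
    first = build_archive(PAYLOAD, "setup.exe", (2023, 1, 1, 10, 0, 0))
    second = build_archive(PAYLOAD, "setup.exe", (2023, 1, 1, 10, 5, 0))
    md5_list = {container_md5(first)}          # learned from the first download
    print(verdict(second, md5_list, set()))    # MD5 list alone misses the repack
    print(verdict(second, md5_list, member_hashes(first)))
```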
A webinar to figure out what’s fact and what’s fiction about file-based threats
Leave your assumptions about file-based threats at the door. We gathered the nine most common myths about files, ranging from how endpoint security may not be enough to whether to block (or not to block) macros in Microsoft documents.
Ready to bust some myths? Register for the webinar here.