Cyberattacks and Stormshield Endpoint Security: Looking Back on the Second Half of 2017
25 01 2018
Cyberattacks are increasingly capable of circumventing traditional protection tools. Why? Because of the inherent vulnerabilities in new work practices (collaborative, remote, on mobile devices, etc.) and in the sharing of personal data online. Spear phishing, ransomware, zero-day vulnerabilities – the success of these mechanisms shows that workstations remain the main point of entry into IT infrastructures. Stormshield’s Security Intelligence team uses our various tools and solutions to analyze these attacks. Here is what we learned over the last six months of 2017, from June to December.
To protect workstations, our Stormshield Endpoint Security (SES) solution relies on behavioral analysis rather than signatures. It therefore blocks malicious actions effectively, but it cannot tell apart two malware programs that exploit the same vulnerability, since it sees the same behavior in both. This approach nevertheless noticeably increases protection: it takes effect immediately, without any prior knowledge of the malware.
Based on the information provided by Breach Fighter*, our Security Intelligence team has nevertheless been able to provide some metrics. If July seems to have been the hackers’ month off, the next five months were riddled with Locky, GlobeImposter, Trickbot, and even Jaff attacks.
Graph of the volume of attempts to download files containing malware (June-December 2017)
At the same time, the Security Intelligence team studied 455 vulnerabilities between June and December 2017. Our SES solution blocked a total of 419, or 92%, of them.
More precisely, our SES solution blocked 100% of the vulnerabilities that were actually exploited by malware over this period.
Extract of vulnerabilities that could have been exploited at the time of the analysis (June-December 2017)
Moreover, during this period, our Security Intelligence team found that SES’s behavioral analysis blocked large-scale attacks an average of 4 hours before the most responsive traditional antivirus solutions did – a window that corresponds to the duration of the attack itself.
Security Intelligence: Prevention and Response
Stormshield’s Security Intelligence team studies threats in order to understand them and devise ways to improve Stormshield’s product portfolio. At the same time, it also contributes to the cybersecurity community by sharing expertise and collaborating with professional organizations (CERT, research institutions, security specialists, and others).
For the technophiles among you, visit our blog “This Is Security” to discover the latest analysis of a recent sample of Agent Tesla, which was sent using a simple Word document (post in English).
* Breach Fighter is Stormshield Network Security’s sandboxing solution, based on our Stormshield Endpoint Security technology.