Intrusion Detection & Prevention Archives - Security IT Summit | Forum Events Ltd

Posts Tagged: Intrusion Detection & Prevention

How AI stopped a WastedLocker intrusion before ransomware deployed

Stuart O'Brien

By Max Heinemeyer, Director of Threat Hunting, Darktrace

Since first being discovered in May 2020, WastedLocker has made quite a name for itself, quickly becoming an issue for businesses and cyber security firms around the world. WastedLocker is known for its sophisticated methods of obfuscation and steep ransom demands.

Its use of ‘living off the land’ techniques makes a WastedLocker attack extremely difficult for legacy security tools to detect. As ransomware dwell time shrinks to hours rather than days, security teams are increasingly relying on artificial intelligence to stop threats from escalating at the earliest signs of compromise – containing attacks even when they strike at night or on the weekend.

This article examines a WastedLocker intrusion that targeted a US agricultural organization in December.

The initial infection appears to have taken place when an employee was deceived into downloading a fake browser update. Attempted reconnaissance began just 11 minutes after the initial intrusion, and the attacker used an existing administrative credential to establish successful administrative and remote connections to other internal devices. Several hours later – in the early hours of the morning – the attacker used a temporary admin account to attempt a file transfer.

Darktrace AI detected every stage of this intrusion, picking up on all unusual activity for the organization and unusual user behavior, including HTTP connections to anomalous external destinations and highly unusual connections between internal devices.

With Darktrace’s real-time detections – and Cyber AI Analyst investigating and reporting on the incident within a matter of minutes – the security team were able to contain the attack, taking the infected devices offline.

Without Darktrace in place, the ransomware would have been successful in encrypting files, preventing business operations at a critical time and possibly inflicting huge financial and reputational losses to the organization.

Darktrace’s AI detects and stops ransomware in its tracks without relying on threat intelligence. Ransomware has thrived this year, with attackers constantly coming up with new attack TTPs. However, the above threat find demonstrates that even targeted, sophisticated strains of ransomware can be stopped with AI technology.

Do you specialise in Intrusion Detection & Prevention? We want to hear from you!

Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in March we’re focussing on Intrusion Detection & Prevention solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Intrusion Detection & Prevention solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

Mar – Intrusion Detection & Prevention
Apr – Phishing Detection
May – Advanced Threat Dashboard
Jun – Browser/Web Security
Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

Do you specialise in Intrusion Detection & Prevention? We want to hear from you!

Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – in March we’re focussing on Intrusion Detection & Prevention.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Intrusion Detection & Prevention specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here are the areas we’ll be covering, month by month:

Mar – Intrusion Detection & Prevention
Apr – Phishing Detection
May – Advanced Threat Dashboard
Jun – Browser/Web Security
Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

For information on any of the above topics, contact Chris Cannon on c.cannon@forumevents.co.uk.

Do you offer Intrusion Detection & Prevention solutions? We want to hear from you!

Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – in April we’re focussing on Intrusion Detection & Prevention solutions.

It’s all part of our new ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Intrusion Detection & Prevention specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Lisa Carter on lisa.carter@mimrammedia.com.

Here are the areas we’ll be covering, month by month:

April – Intrusion Detection & Prevention
May – Phishing Detection
June – Advanced Threat Dashboard
July – Browser/Web Security
August – Authentication
September – Penetration Testing
October – Vulnerability Management
November – Employee Security Awareness
December – Malware

For information on any of the above topics, contact Lisa Carter on lisa.carter@mimrammedia.com.