MSPs: Get a Glimpse of Your Security Future Thanks to Predictive Threat Intelligence
The beginning of a new year has always been a customary time for companies to take stock of their current IT capabilities and their readiness to address upcoming challenges. It is especially appropriate for MSPs to perform this self-evaluation with regard to their endpoint security solutions because the most recent (December 2017) Quarterly Threat Trends report from Webroot uncovers some disturbing new developments on the threat horizon.
In the world of cybersecurity, even a small glimpse of future threats could prevent a disastrous and costly breach. Thus the security industry seeks to move beyond reactive mode and become proactive, automating its response to threats and preventing attacks before they happen. Webroot BrightCloud Threat Intelligence Services can actually bring you these desired predictive capabilities, helping you avoid threats and potential breaches for your clients.
Leveraging the predictive capabilities of BrightCloud technology, three experts from the Webroot security team are anticipating several alarming security trends that might emerge in the near future:
Artificial Intelligence (Not Just for the Good Guys)
According to Gary Hayslip, Webroot Chief Information Security Officer, “We anticipate seeing malware that uses artificial intelligence (AI) to get past anti-malware software. A recent demonstration at DefCon shows an instance of malware writers using open-source AI available on GitHub. They were able to create malware variants that got past antivirus solutions 16% of the time. As with any technology, it comes down to who is reviewing the data, and who has the better models.
“In this regard, Webroot is in a very strong position, having spent more than a decade perfecting its models and sourcing a massive amount of real-world information on a continuous basis,” notes Hayslip. “We continually conduct cutting-edge research and incorporate learning into the security platform of services for partners, so they have the tools to be effective in reducing risk exposure and protecting their customers.”
Gary goes on to make some dire predictions about ransomware: “We expect that, soon, we will see ransomware intended to destroy, rather than encrypt. Phishing attacks are by far the most common vector for ransomware, and it becomes even more important to stop the attacks from carrying out their intended mission.”
Explaining how Webroot can effectively combat those attacks, he notes, “The BrightCloud Real-Time Anti-Phishing Service blocks access to pages or URLs that are implicated in phishing attacks, inspecting all indicators of compromise in a coordinated fashion to find all indications of potential malicious activity. In addition, BrightCloud Streaming Malware Detection blocks malicious files at the perimeter, upstream from other technologies.”
Ransomware as a Vector for Secondary Infections
David Kennerley, Webroot Director of Threat Research, warns of the growing sophistication evident in ransomware attacks: “Ransomware writers are getting better at covering their tracks while carrying out more targeted attacks. This is especially true of ransomware that is being served up from malicious URLs, and coming in via phishing attacks.
“Such attacks may be targeted at specific vulnerabilities the hackers feel are likely to exist at a given company,” Kennerley continues, “based on its application portfolio, the size of the network, and other factors that the hackers can discern. Once inside, the ransomware could then make decisions as to what payloads to launch for a secondary infection, based on what it has learned from previous infections and successful attack models.”
The Lure of Embedded Links
Nick Emanuel, Webroot Director of Product, highlights the expanding role that phishing will play in the cyberthreat landscape: “We will continue to see phishing and spear phishing threats that increasingly rely on embedded links. With new GDPR regulations coming soon and Britain leaving the EU, we expect to see companies targeted with phishing and spear phishing attacks that specifically message these topics.”
He elaborates, “Traditional threat intelligence products are inadequate on two levels: They rely on static phishing lists, which are too slow to keep up with the pace of today’s attacks and easily miss phishing sites that come and go in the blink of an eye. In addition, they look at indicators of compromise in isolation, without the contextual analysis that would allow them to connect the dots and predict a real attack.”
Concluding on a positive note, Emanuel emphasizes, “Webroot BrightCloud Threat Intelligence Service not only provides the Real-Time Anti-Phishing Service, but its rich machine learning models and contextual analysis bring together disparate indicators of compromise that, taken as a whole, paint a very different picture of a threat. As more and more phishing attacks rely on embedded links, BrightCloud provides multiple levels of protection.”
Get Complete Quarterly Threat Trends Report
To learn more about how predictive threat intelligence can help you better protect your clients, we encourage you to download the full December 2017 Webroot Quarterly Threat Trends report here.
This guest blog is part of a Channel Futures sponsorship.