
115 milliseconds, that’s the amount of time a new technology — developed by researchers from Australia’s national science agency and a university in South Korea — takes to detect that ransomware has detonated on a computer and block it from causing further damage. As hackers execute bolder attacks with bigger potential payouts, computer scientists are pushing the limits of software to make near-instantaneous decisions and save victims from ruin.
Ransomware is a type of cyberattack that encrypts files on victims’ computers, rendering them useless until a ransom is paid. It can take just minutes to cripple an entire network.
The recent hacks of Colonial Pipeline Co., which shut the biggest gasoline pipeline in the U.S. for nearly a week, and of JBS SA, which temporarily shut all U.S. beef plants for the largest meat producer globally, have exposed drawbacks in protection for industries. Colonial paid a $4.4 million ransom, while JBS paid $11 million.
Endpoint protection software refers to cybersecurity tools that protect “end user” devices such as laptops and desktop computers, which are vulnerable to being hacked through their users clicking on malicious links or phishing emails. Some of the leading companies offering endpoint detection software include SentinelOne Inc., Cybereason Inc., Microsoft Corp. and CrowdStrike Holdings Inc.
The innovation of that software is that it blocks files deemed to be malicious — what traditional antivirus does — and goes a step further, automating the hunt for suspicious behavior on users’ machines, aiming to identify poisoned code before it causes damage.
One of the few ways to get ahead of the problem is to have security software running deep inside a computer’s operating system. There, it can see each program running on the machine and have the best shot at distinguishing between legitimate and malicious ones.
But according to Oliver Spence, co-founder of U.K.-based North Star Cyber Security, “solving ransomware is magnitudes harder than solving spam and that isn’t solved yet. How do you tell which email is legitimate or not? How do I tell if a process is legitimate or not? Solve either problem completely, and you are well on your way to being rich enough to retire.”
One challenge of staying ahead of the problem is that skilled hackers routinely test their code and techniques against the latest security software, adapting when needed to evade detection, said Andrew Howard, chief executive officer of Switzerland-based Kudelski Security.
“Ransomware attacks today are typically human-operated, meaning that a human is actively guiding the attack,” Howard said. “As the defenses get better, this drives new offensive techniques, which drives better defenses, which drives new offensive techniques, and so forth. There is not a 100% effective technical solution for this problem.”
©2021 Bloomberg L.P.
