fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Adds AI-driven Ransomware Protection to Defender

Microsoft Adds AI-driven Ransomware Protection to Defender

Microsoft has introduced an AI-driven ransomware attack detection system for Microsoft Defender for Endpoint customers that complements existing cloud protection by evaluating risks and blocking actors at the perimeter.

As human-operated ransomware attacks are characterized by a specific set of methods and behaviors, Microsoft believes that they can use a data-driven AI approach to detect these types of attacks.

Preventing the initial foothold

Attackers typically establish a foothold in the target system by planting a malware binary that provides remote access to the device.

However, not all binaries used in attacks are known to be malicious, and many executables used in attacks are legitimate programs, including built-in Windows commands.

Also Read: PDPA Compliance for MCST: The importance of hiring a DPO

Indicators generated by these binaries may be seen as low priority and ignored by defenders.

Adding an AI-driven adaptive protection system that would detect unusual behavior, even from legitimate binaries, can play a crucial role in preventing further compromise on a device and provide responding teams valuable time to thwart the attacks.

“In a customer environment, the AI-driven adaptive protection feature was especially successful in helping prevent humans from entering the network by stopping the binary that would grant them access,” explained Microsoft about their AI-driven defense system.

“By considering indicators that would otherwise be considered low priority for remediation, adaptive protection stopped the attack chain at an early stage such that the overall impact of the attack was significantly reduced.”

“The threat turned out to be Cridex, a banking trojan commonly used for credential theft and data exfiltration, which are also key components in many cyberattacks including human-operated ransomware.”

Contrary to cloud protection which admins manually adjust, the new system is adaptive, which means that it can automatically ramp the aggressiveness of cloud-delivered blocking verdicts up and down, based on real-time data and machine learning predictions.

Real-time risk assessment system
Real-time risk assessment system.
Source: Microsoft

Blocking subsequent attack steps

Even if the algorithm fails to evaluate the risk at its real magnitude and a ransomware actor finds a way into the target network, the system will remain an obstacle for them.

Also Read: Spam Control Act: 4 best practices organizations must consider

As Microsoft explains, adaptive protection can detect and block seemingly benign operations such as network enumeration, which ransomware actors use during the reconnaissance phase.

Similarly, open-source tools are commonly abused for lateral movement, or slightly modified commodity malware that doesn’t have an identifiable signature can be detected and blocked.

“Hypothetically, in attacks where early to mid-stage attack activities are not detected and blocked, AI-driven adaptive protection can still demonstrate huge value when it comes to the final ransomware payload.” Microsoft explains

“Given the device is already compromised, our AI-driven adaptive protection system can easily and automatically switch to the most aggressive mode and block the actual ransomware payloads, preventing important files and data from being encrypted so attackers won’t be able to demand ransom for them.”

Keeping the shields up

As defensive mechanisms become more sophisticated, actors are far more likely to attempt to deactivate them instead of trying to evade or circumvent them.

This means that admins should be checking the status of their defensive tools regularly, ensuring that they are always up and running.

Cloud protection is turned on by default, and the AI-driven enhancement is now automatically included in Microsoft Defender for Endpoints as an “always-on” feature.

If any of these features are now disabled, admins should immediately investigate further to determine if they have been compromised.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us