In the technical white paper, we first dive deep at the source code level to share the details of the spreading techniques which has actively been used by the worms. B The paper then discusses the static breadcrumbs or lures which is used to detect and divert these multi-stage attack to the deception platform. The technical paper also introduces dynamic breadcrumbs. Dynamic breadcrumbs are the values which get projected in real time when a process is declared to be malicious. It is a definite manner of diverting a multistage threat to a deception platform.
In future, we expect to see more and more threats which will be multistage and will make of spreading techniques. Deception centric architecture is a powerful architecture to not only detect an attack but also gather every malicious indicator of an attack. Identification of every malicious indicator of attack will then aid to identify the threat actors, and the IoCbs can be used to quarantine the infected machines.
Download technical white paper here: Spreading Techniques and Deception-based Detection – Acalvio Technical White Paper.
References:
[1] Shamoon,B https://securelist.com/from-shamoon-to-stonedrill/77725/
[2] WannaCry,B https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-ransomware-2017-en.pdf
[3] Recent Resurgence in Shamoon,https://community.rsa.com/community/products/netwitness/blog/2017/02/08/recent-resurgence-in-shamoon
[4]B New ransomware, old techniques: Petya adds worm capabilities,
https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
[5]B Google says the fake Google Doc worm that went viral affected fewer than 0.1% of Gmail users,
http://www.businessinsider.com/google-doc-phishing-worm-affected-fewer-than-01-of-gmail-users-2017-5