{"id":2108,"date":"2017-11-22T21:01:02","date_gmt":"2017-11-23T05:01:02","guid":{"rendered":"https:\/\/new.acalvio.com\/?p=2108"},"modified":"2017-11-22T21:01:02","modified_gmt":"2017-11-23T05:01:02","slug":"technical-white-paper-using-deception-to-detect-spreading-techniques","status":"publish","type":"post","link":"https:\/\/acalvio.p2staging.us\/index.php\/2017\/11\/22\/technical-white-paper-using-deception-to-detect-spreading-techniques\/","title":{"rendered":"Technical White Paper: Using Deception to Detect Spreading Techniques"},"content":{"rendered":"<p>The severity of any infection is multiplied when it employs a spreading technique. Ransomware, which has been one of the critical threats for quite some time, has been able to increase its effect by spreading to mapped and unmapped drives. In the recent past, threat actors have made use of remote code execution (such as <a href=\"https:\/\/www.acalvio.com\/wannacry-ransomware-analysis-lateral-movement-propagation\">WannaCry<\/a>), harvesting credentials from memory (such as <a href=\"https:\/\/www.acalvio.com\/technical-analysis-of-petya\">Petya<\/a>, <a href=\"https:\/\/www.acalvio.com\/how-to-outfox-shamoon-put-deception-to-work\">Shamoon<\/a>), and harvesting email addresses from the address book to spread inside the network.<br \/>\nTraditional defenses aim to detect and stop an attack. <a href=\"https:\/\/www.acalvio.com\/product\">Deception-centric architecture<\/a> differs from the traditional architecture; it is used not only to identify an ongoing threat, but also to divert the threat to an engagement platform that gathers every malicious indicator of a multi-stage attack. 
Once every malicious indicator of attack is captured, it can be used for many purposes, such as attributing a multi-stage attack to a threat actor, quarantining the infected computers, and protecting against <a href=\"https:\/\/www.acalvio.com\/looking-deeper-into-a-multi-stage-attack\">variations of an attack<\/a>.<br \/>\n<img loading=\"lazy\" class=\"aligncenter size-full wp-image-1768\" src=\"https:\/\/new.acalvio.com\/wp-content\/uploads\/2018\/03\/worms.png\" alt=\"\" width=\"658\" height=\"363\" srcset=\"https:\/\/acalvio.p2staging.us\/wp-content\/uploads\/2018\/03\/worms.png 658w, https:\/\/acalvio.p2staging.us\/wp-content\/uploads\/2018\/03\/worms-300x166.png 300w\" sizes=\"(max-width: 658px) 100vw, 658px\" \/><\/p>\n<div class=\"section post-body\">\nIn the technical white paper, we first dive deep at the source-code level to share the details of the spreading techniques that worms have actively used. The paper then discusses the static breadcrumbs, or lures, that are used to detect and divert these multi-stage attacks to the deception platform. The technical paper also introduces dynamic breadcrumbs. Dynamic breadcrumbs are values that are projected in real time once a process is declared malicious. They are a definite way of diverting a multi-stage threat to a deception platform.<br \/>\nIn the future, we expect to see more and more threats that are multi-stage and make use of spreading techniques. Deception-centric architecture is a powerful architecture not only to detect an attack but also to gather every malicious indicator of an attack. 
Identifying every malicious indicator of attack then helps to identify the threat actors, and the IoCs can be used to quarantine the infected machines.<br \/>\nDownload the technical white paper here: <a href=\"https:\/\/acalvio.p2staging.us\/wp-content\/uploads\/2018\/07\/Spreading-Techniques-and-Deception-based-Detection-Acalvio-Technical-White-Paper.pdf\">Spreading Techniques and Deception-based Detection &#8211; Acalvio Technical White Paper<\/a>.<br \/>\n<strong>References:<\/strong><br \/>\n[1] Shamoon, <a href=\"https:\/\/securelist.com\/from-shamoon-to-stonedrill\/77725\/\">https:\/\/securelist.com\/from-shamoon-to-stonedrill\/77725\/<\/a><br \/>\n[2] WannaCry, <a href=\"https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/security-center\/white-papers\/istr-ransomware-2017-en.pdf\">https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/security-center\/white-papers\/istr-ransomware-2017-en.pdf<\/a><br \/>\n[3] Recent Resurgence in Shamoon, <a href=\"https:\/\/community.rsa.com\/community\/products\/netwitness\/blog\/2017\/02\/08\/recent-resurgence-in-shamoon\">https:\/\/community.rsa.com\/community\/products\/netwitness\/blog\/2017\/02\/08\/recent-resurgence-in-shamoon<\/a><br \/>\n[4] New ransomware, old techniques: Petya adds worm capabilities,<br \/>\n<a href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2017\/06\/27\/new-ransomware-old-techniques-petya-adds-worm-capabilities\/\">https:\/\/blogs.technet.microsoft.com\/mmpc\/2017\/06\/27\/new-ransomware-old-techniques-petya-adds-worm-capabilities\/<\/a><br \/>\n[5] Google says the fake Google Doc worm that went viral affected fewer than 0.1% of Gmail users,<br \/>\n<a href=\"http:\/\/www.businessinsider.com\/google-doc-phishing-worm-affected-fewer-than-01-of-gmail-users-2017-5\">http:\/\/www.businessinsider.com\/google-doc-phishing-worm-affected-fewer-than-01-of-gmail-users-2017-5<\/a>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The severity of any infection 
is multiplied when it employs a spreading technique. Ransomware, which has been one of the critical threats for quite some time, has been able to increase its effect by spreading to mapped and unmapped drives. In the recent past, threat actors have made use of remote code execution (such [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1768,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[87,116,140],"_links":{"self":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts\/2108"}],"collection":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/comments?post=2108"}],"version-history":[{"count":0,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts\/2108\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/media\/1768"}],"wp:attachment":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/media?parent=2108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/categories?post=2108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/tags?post=2108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}