Harpoon Security Attack shield.
Most computers are protected by classic signature-based anti-virus (AV) software as their sole protection against cyber-attacks. However, defeating malware using file-less process injection techniques today requires far more sophisticated software than it did several years ago. Red Canary ranks process injections as the #6 overall technique of 2021 for good reason. With the advancement of these file-less malware-attacks which hide in memory, experts recommend a multilayer defense with traditional AV software that uses virus definitions as just the first layer, and adding HARPOON Security as a second layer solution to identify and block these hidden from sight Zero Day attacks.
Historically, malware has taken the form of a static package that could be identified by its unique appearance, thus creating a signature so the AV can recognize it on other computers when it attacks again. Today, this notion of polymorphic coding has evolved= the ability for the bad guys to alter existing attacks in such a way as to encrypt their malicious payloads with variable keys, making them look entirely different each and every time they are released. Polymorphic malware has already overrun the capability of modern AV software, which in turn, leaves tens of millions of computers vulnerable to these attacks.
Harpoon Security detects and blocks in-process/memory memory injection attack METHODS and not a specific VERSION of an attack- this is our patented and one-of-a-kind capability. Regardless of the age of the malware: 5 years, 5 hours, or 5 minutes ago- when these polymorphs perform an action to load or run unauthorized code, Harpoon will not allow the code to run and infect the computer.
Ransomware attacks are typically carried out using hidden code that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. One other unique characteristic of ransomware is that the ransomware contacts the user of the infected system. To make matters worse, the process is automated- once the process of attack begins, no additional commands are needed to compromise the target system.
A typical ransomware attack proceeds as follows:
- Locate a target: Attackers use Phishing email with fake website links, or they will include a corrupted file attachment in the same email- either way, the user is one-click away from mayhem. This process is typically automated with a ‘spray and pray’ philosophy of large numbers and probability.
- Install the malware: Once the file is opened or the link is clicked, the installation of the malware on the target system is initiated. The attacker may want to sit idle for a while after the installation and perform some level of reconnaissance to ensure their target is worth the risk of exposure. Once some basic criteria have been met, the malware initiates the next step.
- Data encryption: The ransomware kicks off its primary objective- encrypting the user’s data on the computer. This process denies access to the data and locks the user out of their system. A key is introduced to the infected system or server so that the user can decrypt their data, once the ransomware has been paid. [Harpoon detects the action of initializing encryption, and blocks this action before it begins. Software installation by design, isn’t always a bad thing, however, the METHOD that the malware will use to begin the encryption process, triggers Harpoon to block this action as well as sending an alert that an attack has been attempted and blocked]
- Demand Ransom: A demand for payment linked to a deadline is presented to the user, typically requesting payment in untraceable cryptocurrency like Bitcoin. Upon receipt of payment, the attacker will usually (but not always) supply the victim with a link to the key to decrypt their data. There is no guarantee given that the victim will be ransomed again in the future.
Harpoon protects the user from data encryption, system lock-out, and demand for ransom. If the malicious code cannot be run on a system in Step 3, then the computer is protected and the attack has been neutralized.
CONTACT US TODAY and find out how we can rid your systems of hidden process injections.