Sunday, November 20, 2016

The antivirus has failed ....... a survey opinion, and points on countermeasures.

I was reading in shock , concerning this article "Antivirus Fails to Stop Ransomware 100% of the Time" from InfoSecurity Magazine website.

It seems , in general IT survey opinion , that antivirus on all times, fails to contain the ransomware infection. It also states that the firewall, the anti-malware , the email filtering and security awareness also were not good at repelling ransomware.

Also worth noting is that despite the attacks, the companies involved did not alter / countermeasure much on the ongoing threat.



Points I would like to note here :

a. I have always highlighted that cybersecurity requires proactive measures, to be successful. Constant improvements & monitoring with regards to latest threats, and updated security awareness campaign to all staffs, is crucial.

b. In my field of work, I did not leave it to chance for my antivirus & email filtering solutions to stop the ransomware threat. I did some extra measures, that is typical & latest ransomware file types were manually blocked in the email filters, as well as filename patterns & keywords. This is despite the email filter scannning was able to detect the ransomware on their own, given the chance. Those extra measures provided another layer of protection and assurance from ransomware penetration.

c. Other extra measures were tightening/removing the USB drives usage, as it is also another vector for ransomware infection. Latest antivirus solutions have features to control & limit USB drives capability, to stop USB based infections.

d. Also , autorun.inf and program execution from USB drives can be disabled by either using the antivirus solution policies, or Active Directory security group policies. This can stop auto execution of any programs (legitimate & malicious), and allow time for antivirus solution to scan he USB drive and contain any threat.

e. Contants bugs and vulnerabilities patching is a must.




I strongly believe that proper expertise in fixing the gaps and flaw is necessary, as strong knowledge can really help make good countermaeasure solutions. Knee-jerk fixes does not solve the problem, and I believe that is what was done by these companies.

"Proper deployment , constant monitoring , patching and daily updates , for combination of proven firewall/IPS & email filters & antivirus solutions can certainly go a long way in putting ransomware infections to a stop."


Prevention is better than cure .......



Reference :
http://www.infosecurity-magazine.com/news/antivirus-fails-to-stop-ransomware/
https://blog.barkly.com/ransomware-attacks-bypassing-antivirus

No comments:

Post a Comment