These advanced attacks use adaptive and evasive tactics to bypass traditional security tools, infiltrate endpoints, spread through the network, and deliver their harmful payloads.
Insufficient browser security is the main reason today's ransomware attacks are so successful.
In order to stop these attacks, enterprise security teams need to refocus their efforts on the browser, gaining visibility and control over web-based workloads.
Today's ransomware attacks have evolved from a single ransomware request to a more pervasive and destructive attack that hits victims multiple times throughout the attack chain.
Every ransomware attack starts with gaining initial access on an endpoint and infecting it with malware.
Attackers will start by performing reconnaissance on their intended targets and look for vulnerabilities to exploit, such as phishing opportunities, stolen credentials or unpatched software.
Once an initial access point has been established, attackers will use various malware and download tools to search for data, steal credentials and monitor communication channels across the network.
The attacker can also install additional malware that they can use in the future to help facilitate other stages of the ransomware attack chain.
Attackers can also exfiltrate data to the C&C server, setting themselves up for double extortion when the time is right.
Attackers can then encrypt data and systems using the keys sent from the C&C server.
It's here where attackers lay all their cards on the table, revealing what systems have been compromised, the data that has been stolen and the potential fallout.
Attackers want to show victims how much is at stake so they can instill fear and force hasty action.
Malicious actors know this, of course, and have crafted new attacks that specifically target the browser as a way to gain that initial access on the endpoint.
Menlo Labs has recently uncovered the re-emergence of a highly active attack framework called 'SocGholish' - a ransomware threat that uses social engineering tools and evasive techniques to gain access to enterprise networks.
The phishing attacks typically masquerade as popular software updates - such as Chrome and Adobe - and, once a user clicks on the link, the malware uploads a ZIP file hosted on a trusted location through iFrames.
The casinos have lost millions of dollars in the attacks that have impacted thousands of users.
Isolating this activity away from the endpoint ensures that no ransomware or evasive malware can ever gain that initial access - rendering the attack useless.
Menlo Security's Secure Cloud Browser gives security teams the visibility and control they need to fully protect the web browser - ultimately reducing the attack surface and effectively eliminating ransomware.
Menlo is the only solution that is able to identify and dynamically stop evasive malware, zero-day exploits and ransomware attacks.
The post Browser security is the key to stopping ransomware attacks appeared first on Menlo Security.
This Cyber News was published on securityboulevard.com. Publication date: Tue, 09 Jan 2024 15:43:04 +0000