Welcome to another Nastiest Malware Q&A with our security analyst, Tyler Moffitt.
We had so many questions come in that we needed to host another Q&A. Thanks as always for your questions!
Today, he’ll be available to answer your questions on the latest malware featured in our latest Nastiest Malware list. For a quick refresher, you can check out our infographic too.
To get answers to your questions, just ask away in the comments below.
Hope you’re all having a great week!
This will be our last Q&A with @TylerM on Nastiest Malware, as we’ve continued to see more and more questions coming in.
If you have a question for Tyler, be sure to ask it below.
If only everything were this easy!
There is no one silver bullet. You will need multiple layers of security: think training for not clicking on bait, URL/IP protection for when they do take the bait, and endpoint protection for when the payload hits disk or on execution. Plus you need to secure the environment to make sure that there aren’t any back doors open (looking at you, Microsoft RDP).
But ONE thing you can do that will reduce a HUGE number of threat vectors is just disabling what you don’t use; the big ones are MACROS and PowerShell.
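As an added example (my own script, not Tyler's or Webroot's), here is a PowerShell audit/enforce script for exactly the two items he names, Office macros and PowerShell, built on Microsoft's documented policy registry values; the `-Enforce` switch and the function names are my own.

```powershell
# Added example, not from the original thread. Audits (and with -Enforce, applies)
# the "disable what you don't use" advice for Office macros and PowerShell using
# Microsoft's documented policy registry values. HKLM writes need an elevated shell.
param([switch]$Enforce)

# Office 16.0 = Office 2016/2019/Microsoft 365. VBAWarnings: 4 = disable all macros
# without notification (use 3 to allow only digitally signed ones if the business
# still needs some). BlockContentExecutionFromInternet = 1 blocks macros in files
# that carry the Mark-of-the-Web, i.e. the typical phishing attachment.
$policies = @()
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $base = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $policies += @{ Path = $base; Name = 'VBAWarnings'; Value = 4 }
    $policies += @{ Path = $base; Name = 'BlockContentExecutionFromInternet'; Value = 1 }
}
# PowerShell itself is hard to remove outright, so at minimum log every script
# block so the SOC can see what ran, and remove the legacy v2 engine, which
# lacks script block logging and AMSI integration.
$policies += @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
                Name = 'EnableScriptBlockLogging'; Value = 1 }

function Test-Policy {
    param([string]$Path, [string]$Name, [int]$Value)
    $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    [pscustomobject]@{
        Path = $Path; Name = $Name; Expected = $Value; Current = $current
        Compliant = ($null -ne $current -and [int]$current -eq $Value)
    }
}

function Set-Policy {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# Audit first; enforce only the values that are not already set.
$report = foreach ($p in $policies) { Test-Policy @p }
$report | Format-Table Name, Path, Expected, Current, Compliant -AutoSize

if ($Enforce) {
    foreach ($p in $policies) {
        if (-not (Test-Policy @p).Compliant) { Set-Policy @p }
    }
    $v2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
    if ($v2.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart | Out-Null
    }
}
```

The HKCU keys only cover the user running the script; in a domain the same values are deployed fleet-wide through Group Policy, and this script is then useful as a compliance check on the endpoint.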
To make sure I understand the question correctly: you want to know how long after a never-before-seen malware file (unknown) encounters an agent it takes for it to be determined bad?
That is what is known as “dwell time”, and our average dwell time right now is about 10 min.
While I can’t make any promises on timelines or anything because of the pandemic and holidays, we are expecting to finish and release a new update to our Evasion Shield early next year. This is further improvements to the Evasion Shield feature that we released earlier this year to help with fileless payloads that lead to malicious payloads (think macros and scripts, etc.). Remember that you have to enable this feature if using GSM (it’s enabled by default for consumers).
Kinda... not really
These guys do get caught. Indictments happen, but they are usually in countries like Iran and Russia. Not often do they ever set foot on US soil to formally get charged and put in jail. Even in Russia it’s not illegal to hack or attack anyone with malware as long as you don’t target Russian citizens.
The biggest groups get away with it. The FBI has $5m bounties for info leading to capture, but they are still at large and no bounties have been claimed (looking at you, Evgeniy Bogachev).
That just about wraps it up today.
@TylerM and everyone who joined us today and sent us a question.