We have seen a number of large-scale attacks leveraging the recently published NSA tools and exploits. The latest attack seems very similar to the Petya virus, which used a Ransomware-as-a-Service platform that made it available to a wide range of cybercriminals, regardless of their hacking skills. However, unlike Petya, this new variant is proving to be more vicious – in effect, a wiper that wipes PCs and servers, rather than ransomware.
The recent attacks, however, highlight two key trends:
- Many enterprises do not or cannot implement patches for known vulnerabilities.
- This new generation of malware far exceeds many security products’ ability to detect and immediately block new malware and new malware variants.
New advanced threats such as those we have seen recently require a multi-layered defense strategy that can protect against multi-vectored threats. Wedge Advanced Malware Blocker (WedgeAMB) uses both conventional and new, cutting-edge security scanning technologies in combination with our patented Deep Content Inspection technology to provide maximum content visibility at the network layer. The Wedge Security Orchestrator facilitates multi-vectored scanning technologies while managing the patented SubSonic Engine to provide these services at line-rate speed, with imperceptible latency.
Similar to the results with the WannaCry and Erebus ransomware, WedgeAMB blocks this new Petya variant through multiple levels of defense:
First, using a packet-based scanning engine, WedgeAMB detects the network propagation of this new malware, which leverages the EternalBlue SMB vulnerability.
Second, WedgeAMB operates at the content level, assembling network packets into actual content (because the new generation of malware knows how to evade packet-based scanning engines), and then uses signature- and heuristic-based scans to detect and block all of the signatures associated with this threat.
Third, in the event that a brand-new variant evades detection by the packet-based scanner and by the signature- and heuristic-based network content scanners, the third engine is a real-time, inline AI malware prediction network content scanner that Wedge Networks developed using Cylance’s award-winning endpoint security solution, giving enterprises, for the first time, the ability to detect and block these unknown threats, including this one!
Are you ready for the next attack? If not, consider downloading our free WedgeAMB Prevention First trial system and start protecting your network immediately!