Cybersecurity experts have been looking into ways to improve anti-ransomware protection. The latest enhancement in the field is already a reality.
11th Generation of Intel Core vPro Business-Class Processors
Intel and Cybereason have combined their efforts to add anti-ransomware defenses to the 11th generation of Intel Core vPro business-class processors. The enhancement is hardware-based and is embedded into Intel’s vPro platform through its Hardware Shield and Threat Detection Technology.
It will help profile and detect ransomware and other malware threats affecting the CPU performance of targeted systems. This improvement is “the first instance where PC hardware plays a direct role in ransomware defenses,” Cybereason explained in their announcement.
CPU-Based Threat Detection against Ransomware
“This collaboration with Intel to add CPU based threat detection bolsters our long history and industry-leading capabilities in detecting and eradicating ransomware,” shared Lior Div, CEO and Co-Founder at Cybereason.
The joint effort also provides another intelligence source for ransomware detection through the integration of Intel TDT capabilities into the Cybereason Defense Platform. “The raw data that Intel TDT analyses for detection purposes is unique and valuable,” Intel explains. The data helps identify polymorphic malware, file scripts, crypto mining, and other cyberattacks. The detection happens in real time and with minimal impact on the end user.
The CPU threat detection approach will enable “enterprise customers to go beyond signature and file-based techniques by leveraging CPU-based behavioral prevention of ransomware.” Because it averts detection in memory, the novel approach “eliminates blind spots.”
In conclusion, “Cybereason’s multi-layered protection, in collaboration with Intel Threat Detection Technology, will enable full-stack visibility to swiftly detect and block ransomware attacks before the data can be encrypted or exfiltrated.”
Ransomware continues to be a top threat for organizations and enterprises. One of the latest such attacks, against Apex Laboratory, known for providing medical testing for individuals, doctors, and facilities in New York City, Long Island, and South Florida, led to a leak of sensitive patient data.
In the meantime, ransomware operators are not wasting time either and keep improving their methods. In December 2020, Sophos security researchers released new information regarding the SystemBC tool used in multiple ransomware attacks. The tool, mainly used as a proxy and a RAT in the past, can now use the Tor network to encrypt and hide the destination of its command-and-control traffic. It is noteworthy that the Ryuk and Egregor ransomware families utilized the tool in combination with post-exploitation tools like Cobalt Strike.