In a previous column, I wrote about how evasive malware has become commoditized and described how the techniques being used in any given piece of malware had grown in number and sophistication—the layering of multiple techniques being its own form of sophistication. At the time, we had been digging around in our sandbox array and found that 98 percent of malware sent for analysis was using at least one evasive technique, and one-third of malwares were using a combination of six or more detection evasion techniques. Then there are malwares like Cerber ransomware, which is very sandbox aware and runs 28 evasive processes or, if you like, uses 28 techniques intended to confound security systems and thus evade detection. (By Siggi Stefnisson, Security Week)
In the last two weeks, Florida has paid more than $1.1 million in bitcoin to cybercriminals to recover encrypted files from two separate ransomware attacks—one against Riviera Beach and the other against Lake City. (By Mohit Kumar, The Hacker News)
Preventative security technologies like firewalls and application blacklisting aren’t always enough to safeguard an organization’s IT infrastructure. Businesses often face internal threats, so a cybersecurity strategy must include tools and processes for rapid detection and response. However, strategies often don’t. (By, Filip Truta, Security Boulevard)
Whether you admit it or not, artificial intelligence (AI) is here to stay. As per the latest prediction, by 2020 a vast majority of software and app developers will use AI for their products and services. Obviously, the increased role of AI into software solutions will transform the way we work, live and do our businesses. (By Juned Chanchi, The New Stack)
About six weeks ago Microsoft took the highly unusual step of including a patch for operating systems it no longer supports in its May Patch Tuesday output. (By Mark Stockley, Naked Security)