isssource.com
Ransomware Avoids Machine Learning

Friday, March 31, 2017 @ 02:03 PM gHale

A new Cerber ransomware variant has evolved to get around machine learning, researchers said.

The ransomware uses a new loader that appears designed to evade detection by machine learning solutions. The loader can hollow out a normal process and run the Cerber code in it instead, according to researchers at Trend Micro.

Cerber, like its ransomware relatives, goes out via email through a link to a self-extracting archive. The emails usually claim to be from various utilities, said Gilbert Sison, threats analyst at Trend Micro, in a blog post. They contain a link to a self-extracting archive that has been uploaded to a Dropbox account controlled by the attackers. The target then downloads and opens the archive, which infects the system.

The archive contains three files: a Visual Basic script, a DLL, and a binary file. The script loads the DLL, and the DLL reads the binary file and executes it.

Once deployed, the loader checks to see if it is running in a sandbox. If it’s not, it injects the Cerber binary into one of several running processes.

“This new evasion technique does not defeat an anti-malware approach that uses multiple layers of protection,” Sison said. “Cerber has its weaknesses against other techniques. For instance, having an unpacked .DLL file will make it easy to create a one-to-many pattern; alternately having a set structure within an archive will make it easier to identify if a package is suspicious. Solutions that rely on a variety of techniques, and are not overly reliant on machine learning, can still protect customers against these threats.”
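
Sison's point about a set structure within an archive can be turned into a simple triage heuristic. The following is an added example, not code from Trend Micro or from the original article: it flags an archive that holds exactly one script, one DLL and one opaque high-entropy file. The ZIP-readable container, the script extension list, the 7.0 entropy threshold and all function names are assumptions.

```python
import io, math, struct, zipfile
from collections import Counter

SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")  # assumption: script types to flag
ENTROPY_MIN = 7.0  # assumption: bits per byte above which a blob counts as opaque

def is_pe_dll(data):
    """True if data parses as a PE image with IMAGE_FILE_DLL (0x2000) set."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return False
    return bool(struct.unpack_from("<H", data, pe_off + 22)[0] & 0x2000)

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(name, data):
    """Label one archive member as script, dll, opaque or other."""
    if name.lower().endswith(SCRIPT_EXTS):
        return "script"
    if is_pe_dll(data):
        return "dll"
    if data[:2] != b"MZ" and entropy(data) > ENTROPY_MIN:
        return "opaque"
    return "other"

def matches_loader_layout(zip_bytes):
    """True if the archive holds exactly one script, one DLL and one opaque blob."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        kinds = sorted(classify(i.filename, zf.read(i))
                       for i in zf.infolist() if not i.is_dir())
    return kinds == ["dll", "opaque", "script"]

def sample_archive(with_blob=True):
    """Constructed input: header bytes and filler only, no real malware."""
    dll = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
           + b"PE\0\0" + bytes(18) + struct.pack("<H", 0x2002))
    members = {"run.vbs": b"' placeholder\r\n", "lib.dll": dll}
    if with_blob:
        members["data.bin"] = bytes(range(256)) * 8
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

A match is a reason to route the archive to deeper inspection, not a verdict on its own, since legitimate installers can share the same three-part layout.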



Copyright © 2019 isssource.com