Global cybersecurity firm Trend Micro said that multi-layered approach of cybersecurity will help enterprises and government fight against the new variants of Cerber threats, which is causing disruption across the gateway, endpoints, networks, and servers.
According to reports, the Cerber family of ransomware has adopted a new technique to make itself harder to detect, using a new loader that is designed to evade detection by machine learning solutions.
The Tokyo headquartered anti-virus firm said that Ransomware typically arrives via email, and the new Cerber variants are no exception. “Emails that claim to be from various utilities may contain a link to a self-extracting archive, which has been uploaded to a Dropbox account, controlled by the attackers. When the target downloads and opens it, the system gets infected,” said Trend Micro.
Experts are of the view that new packaging and loading mechanism employed by Cerber can cause problems for static machine learning approaches. “Self-extracting and simple straightforward files could pose a problem for static machine learning file detection. All self-extracting files may look similar by structure, regardless of the content. The way Cerber is packaged is said to be designed to evade machine learning file detection,” said Trend Micro.
“For every new malware detection technique, an equivalent evasion technique is created out of necessity. This new evasion technique does not defeat an anti-malware approach that uses multiple layers of protection. However, Cerber has its weaknesses against other techniques,” claimed Trend Micro.
“Cyber-criminals will always devise a way to overcome the latest security solutions, users should avoid relying on any single approach to security,” said Nilesh Jain, Country Manager (India and SAARC), Trend Micro.