All reports

11/2023 - 11/2023

Enterprise Advanced Security (Ransomware): CrowdStrike Falcon 2023

CrowdStrike Ransomware

Ransomware vs. Endpoint Security – Results from the largest public ransomware test

In this report, we analyse ransomware vs. endpoint security. Ransomware is the most visible, most easily understood cyber threat affecting businesses today. Paralysed computer systems mean stalled business and loss of earnings. On top of that, a ransom demand provides a clear, countable value to a threat. A demand for “one million dollars!” is easier to quantify than the possible leak of intellectual property to a competitor.

Product factsheet:

In this report, we have taken two main approaches to assessing how well products can detect and protect against ransomware.

Ransomware Deep Attacks

For the first part of this test, we analysed the common tactics of ransomware gangs and created two custom gangs that use a wider variety of methods. In all cases, we run the attack from the very start, including attempting to access targets with stolen credentials or other means. We then move through the system and sometimes the network, before deploying the ransomware as the final payload.

Ransomware Direct Attacks

The second part of the test takes a wide distribution of known malware and adds variations designed to evade detection. We’ve listed the ransomware families used in Hackers vs. Targets on page 9. We sent each of these ransomware payloads directly to target systems using realistic techniques, such as through email social engineering attacks. This is a full but short attack chain. In this part of the test, we ensure any protection features are enabled in the product.

02/2023 - 02/2023

Enterprise Advanced Security (Ransomware): Intel

Ransomware Detection Using Hardware

Computer processors get the final word when running programs. Can they judge bad code from good?

SE Labs tested Intel’s hardware approach to ransomware detection, using a wide range of ransomware attacks designed to extort victims. These attacks were realistic, using the same tactics and techniques as those used against victims in recent months.

Target systems included Windows PCs on both Intel vPro-based hardware and alternative AMD platforms. All were attacked in the same way, by testers acting as we observe ransomware groups to behave.

Attacks used original ransomware malware, as seen in the wild during recent months, as well as more advanced variations designed to evade detection. In all cases the ransomware’s goal was to steal, encrypt and destroy sensitive data on the target systems.

Product factsheet:

Attackers can disguise malware. In the same way you might try to slip past a security guard in thick glasses and a wig, hackers can take their regular code and make it look different. There are many ways to do this, but before it can achieve its ultimate goal, malware has to run, or execute. And at that stage it drops its disguise, at least as far as the hardware it runs on is concerned. As the code runs, its intentions become clear.

And this presents an opportunity for defenders – detect malware at the very last moment, just as it reveals itself while executing. The concept of ‘security on a chip’ has been around for a long time but now Intel claims that it has introduced anti-malware to its vPro hardware platform. By monitoring code as it executes, it hopes to detect malware and inform compatible security software when it does. It claims to do this by using pattern matching, via machine learning, to spot suspicious behaviour. The goal is to have a combination of security software and hardware working together to prevent infections.
