Destructive malware takes the already cunning ways in which polymorphic malware enters and hides within a system and melds them with a payload that destroys your network and data with precision.
Most organizations have implemented a layered, defense-in-depth security approach that encompasses signature-based anti-virus, sandboxes, endpoint protection and network anomaly detection. But none of these solutions are enough to detect, let alone act on, destructive malware like Shamoon2 or StoneDrill before either has wreaked havoc. Anti-virus software (which has had limited value at best for most of today’s malware) is based on hindsight. It needs to compare unique, brittle and threat-specific signatures to known malware or viruses, which is useless against often basic variations of known malware, let alone against polymorphic malware that can change code and byte sequences autonomously.
Shamoon2 and, more notably, StoneDrill have been engineered with advanced anti-emulation techniques that allow them to elude virtual machines (VMs) and sandbox detection.
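To make concrete why exact signatures are so brittle, here is an added Python example (not BluVector's code or method, and not real Shamoon2 or StoneDrill bytes): a constructed byte string stands in for a known sample, a single changed byte defeats both a file hash and a fixed byte-pattern signature, while a simple n-gram similarity measure (a stand-in for the fuzzier, learned detection the post argues for) still flags the variant and ignores unrelated data.

```python
import hashlib
from typing import Set

# Constructed stand-in for a "known sample": a short header plus a repeated
# marker string. It is NOT Shamoon2 or StoneDrill code, just bytes to compare.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"wiper-stage:open-disk;overwrite-mbr;erase-files;" * 4

# A fixed byte-sequence signature of the kind a signature scanner carries:
# the first 8 bytes of the known sample.
BYTE_SIGNATURE = KNOWN_SAMPLE[:8]


def make_variant(sample: bytes, offset: int, new_byte: int) -> bytes:
    """Return a copy of sample with one byte changed (models a trivial variant)."""
    data = bytearray(sample)
    data[offset] = new_byte
    return bytes(data)


def hash_signature(data: bytes) -> str:
    """Exact-match signature: a SHA-256 over the whole file."""
    return hashlib.sha256(data).hexdigest()


def byte_signature_match(data: bytes, signature: bytes = BYTE_SIGNATURE) -> bool:
    """Exact-match signature: does the fixed byte pattern occur in the file?"""
    return signature in data


def ngrams(data: bytes, n: int = 4) -> Set[bytes]:
    """Set of all n-byte substrings; the basis of a fuzzier comparison."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the two n-gram sets, in [0.0, 1.0]."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    return len(ga & gb) / len(ga | gb) if ga | gb else 0.0


def similarity_match(data: bytes, known: bytes = KNOWN_SAMPLE,
                     threshold: float = 0.8) -> bool:
    """Flag data when it shares most of its n-grams with the known sample."""
    return similarity(data, known) >= threshold


if __name__ == "__main__":
    variant = make_variant(KNOWN_SAMPLE, 2, 0x91)  # one header byte changed
    print("hash unchanged:", hash_signature(variant) == hash_signature(KNOWN_SAMPLE))
    print("byte signature hit:", byte_signature_match(variant))
    print("similarity:", round(similarity(variant, KNOWN_SAMPLE), 3),
          "hit:", similarity_match(variant))
```

The threshold and 4-byte n-gram size are assumptions chosen for this toy sample; a production similarity scheme would use richer features and tuned thresholds.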
BluVector and Destructive Malware
The CISO of one of our manufacturing sector customers, which runs a large, complex network with more than 60,000 endpoints, put out a challenge to his team: five minutes from detection to containment for what he calls his “defense against destructive malware.” The test went from “drill” to “reality” when they were targeted with Shamoon2.
When Shamoon2 hit its network, BluVector was there. Leveraging supervised machine learning, BluVector detected Shamoon2, as well as its inevitable variants. BluVector Cortex sent an alert to the company’s IR team, which bricked the affected endpoints and removed the malware from the network in less than seven minutes. During that short period, BluVector identified the infected machine and provided visibility into any related activity or signs of additional infected machines.