Cerber threat starts evading Machine Learning

Trend Micro Incorporated, a global leader in cybersecurity solutions, through its multi-layered approach will help protect against the new variants of the Cerber threat, which are causing disruption across the gateway, endpoints, networks, and servers of enterprises. The Cerber family of ransomware has adopted a new technique to make itself harder to detect, using a new loader that is designed to evade detection by machine learning solutions.

Ransomware typically arrives via email, and the new Cerber variants are no exception. Emails that claim to be from various utilities may contain a link to a self-extracting archive, which has been uploaded to a Dropbox account controlled by the attackers. When the target downloads and opens it, the system gets infected.

The new packaging and loading mechanism employed by Cerber can cause problems for static machine learning approaches. Self-extracting archives and simple, straightforward files can pose a problem for static machine learning file detection, because all self-extracting files may look similar in structure regardless of their content. The way Cerber is packaged is said to be designed to evade machine learning file detection.

For every new malware detection technique, an equivalent evasion technique is created out of necessity. This new evasion technique does not, however, defeat an anti-malware approach that uses multiple layers of protection: Cerber has its weaknesses against other techniques.

“As cyber-criminals will always devise a way to overcome the latest security solutions, users should avoid relying on any single approach to security. We at Trend Micro provide endpoint security solutions like Trend Micro Smart Protection Suites, and Worry-Free Business Security to protect users and businesses from the threats by detecting malicious files, spammed messages and to block all related malicious URLs. Trend Micro OfficeScan with XGen endpoint security infuses high-fidelity machine learning with other detection technologies and global threat intelligence,” said Mr. Nilesh Jain, Country Manager (India and SAARC), Trend Micro.

“We offer comprehensive protection against ransomware and advanced malware through Trend Micro’s Deep Discovery, which has an email inspection layer that can protect enterprises by detecting malicious attachments,” he further added.

The link to the blog - http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-starts-evading-machine-learning/.
