SonicWall Cyber Threat Report – Advancements in Deep Memory Inspection Pt. 2

Tracking the evolution of malware strains
The collective power of Capture ATP and RTDMI also helps SonicWall Capture Labs threat researchers track the evolution of malware variants, even when authors obfuscate their payloads, such as by placing scripts inside archives. In this example, SonicWall tracked the evolution of GandCrab as it spread in the wild. The authors of the GandCrab ransomware eventually announced they were shuttering the project in June 2019 after a “successful” 16-month run.

Side-channel attacks continue to be ripe for security research
In November 2019, four researchers from three universities, Worcester Polytechnic Institute (U.S.), University of Lübeck (Germany) and the University of California (U.S.), published new findings that side-channel timing and lattice attacks could be executed against Trusted Platform Module (TPM) chips, specifically Intel fTPM and STMicroelectronics TPM chips.

Dubbed TPM-FAIL, this group of vulnerabilities is the next variation of side-channel attacks following Meltdown/Spectre, Foreshadow, PortSmash, MDS, etc. The details of the TPM-FAIL vulnerabilities are outlined in CVE-2019-11090.

The above timeline highlights changes SonicWall observed to GandCrab Version 5 in 2019, including alterations to payloads, malicious URLs, etc., even when the version number remained the same (i.e., Version 5.2 could have different download URLs).

In this snapshot, SonicWall identified and logged different versions of GandCrab through the first half of the year, but didn’t record any attacks after May 2019, as the malware authors terminated the illegal affiliate program.
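The two GandCrab passages above describe tracking variants whose payloads sit inside archives and whose download URLs change while the version label stays the same. The following script is an added illustration of that kind of variant tracking, not SonicWall code and not part of the report: it walks an archive (recursing into nested zips), hashes each script member, pulls out any declared version marker and embedded URLs, and then diffs two samples to flag payload or URL changes behind an unchanged version number. The archive contents, the `v=` version marker, and the `.example.invalid` domains are constructed for the demonstration.

```python
import hashlib
import io
import re
import zipfile

# Constructed sample archives (not real malware). Each carries a script with a
# version marker and a download URL, mimicking "scripts inside archives".
# The two samples declare the same version but differ in payload and URL.
SAMPLE_A = {"invoice.js": b'// v=5.2\nvar u = "http://dl-a.example.invalid/p.bin";\n'}
SAMPLE_B = {"invoice.js": b'// v=5.2\nvar u = "http://dl-b.example.invalid/p.bin";\n'}

SCRIPT_EXT = (".js", ".vbs", ".ps1", ".bat", ".cmd", ".wsf", ".hta")
URL_RE = re.compile(rb"https?://[^\s\"']+")
VERSION_RE = re.compile(rb"v=(\d+(?:\.\d+)*)")  # hypothetical marker format


def build_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def nested_sample():
    """SAMPLE_B wrapped one level deeper, to exercise nested-archive handling."""
    return build_zip({"inner.zip": build_zip(SAMPLE_B)})


def iter_scripts(zip_bytes, depth=0, max_depth=3):
    """Yield (path, bytes) for script-like members, recursing into nested zips."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            name = info.filename.lower()
            if name.endswith(".zip") and depth < max_depth:
                for path, inner in iter_scripts(data, depth + 1, max_depth):
                    yield f"{info.filename}/{path}", inner
            elif name.endswith(SCRIPT_EXT):
                yield info.filename, data


def fingerprint(zip_bytes):
    """Summarise a sample: per-script SHA-256, declared version, embedded URLs."""
    scripts, urls, version = {}, set(), None
    for path, data in iter_scripts(zip_bytes):
        scripts[path] = hashlib.sha256(data).hexdigest()
        urls.update(u.decode("ascii", "replace") for u in URL_RE.findall(data))
        m = VERSION_RE.search(data)
        if m and version is None:
            version = m.group(1).decode()
    return {"version": version, "scripts": scripts, "urls": sorted(urls)}


def diff_variants(fp_old, fp_new):
    """List what changed between two samples; flags drift behind a stable version."""
    changes = []
    if fp_old["version"] != fp_new["version"]:
        changes.append(("version_changed", [fp_old["version"], fp_new["version"]]))
        return changes
    changed = [p for p, h in fp_new["scripts"].items() if fp_old["scripts"].get(p) != h]
    if changed:
        changes.append(("payload_changed", changed))
    if fp_old["urls"] != fp_new["urls"]:
        new_urls = sorted(set(fp_new["urls"]) - set(fp_old["urls"]))
        changes.append(("urls_changed", new_urls))
    return changes


if __name__ == "__main__":
    fa = fingerprint(build_zip(SAMPLE_A))
    fb = fingerprint(build_zip(SAMPLE_B))
    print("sample A:", fa)
    print("sample B:", fb)
    print("drift under version", fa["version"], "->", diff_variants(fa, fb))
    print("nested:", fingerprint(nested_sample())["scripts"])
```

Keyed on the per-script hash rather than the version string, the same sample B is recognised whether it arrives flat or one archive deep, and the diff surfaces the new download URL even though both samples claim Version 5.2.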

See how the experts at CisCom can help you with this and more!

Blog content for the SonicWall Cyber Threat Report series provided by our partners at SonicWall.