Trend micro security agent not updating
10-Aug-2017 08:37
Crypto Ransomware has become a popular attack vector used by malicious actors to quickly turn infections into profits.
From a defensive perspective, the detection of new ransomware variants relies heavily on signatures, point solution posture and binary-level indicators of compromise (IOC).
We propose a novel approach for blending multiple signals (called micro behaviors) to detect ransomware with more flexibility than using IOC matching alone. It allows developers to scan their C# and code for potential vulnerabilities directly from Visual Studio. The analyzers are able to find a wide range of vulnerabilities from injection flaws to cryptographic weaknesses. The goal of the approach is to provide expressive mechanisms for detection via contextual indicators and micro behaviors that correlate to attacker tactics, even if they evolve with time.
The presenters will provide open source code that will allow users and fellow researchers to replicate the use of these techniques.
Prototype examples of different risk profiles will be demonstrated with the API via a Spark notebook, but the libraries themselves should be usable in any Java-backed code base.