Q&A: The need for change in protecting against ransomware attacks

The security landscape is one that is constantly changing and old-style signature-based detection systems are struggling to keep up.

But what are the main threats today and how can companies and individuals combat them? We spoke to Tomer Weingarten CEO of next-generation security company SentinelOne about ransomware and what the LinkedIn hack means for the future of password security.

Why is ransomware so hard to tackle?

It's one of the most common problems in security today, the main reason is not because it's complicated but mostly because it's lucrative to cyber criminals. Ransomware is a very effective mechanism to infect and monetise as many machines as possible.

Criminals have come up with many ways to circumvent security solutions and make sure these infections are successful. The evasion and obfuscation techniques that ransomware is using are constantly improving to allow better infection rates. It isn't necessarily that the ransomware itself is improving but the delivery methods are evolving to deliver it more effectively.

Do changing delivery methods mean social engineering? Are the criminals just getting better at persuading people to click links?

It's partly that spear phishing techniques have become more effective but we've also seen increased delivery of infections through malvertising. If a user browses to a website that they trust there's a risk of one of the components on the page being compromised and delivering an infection without you clicking on anything.

How can people protect against this sort of drive-by attack?

Drive-by attacks are a bit more lethal than spear phishing attacks. To protect against them the common advice would be to make sure your machine is fully patched, but we all know that consumers aren't great at patching and some may not even know what patching is.

There's not much you can do as a consumer other than keeping your security software up to date, keeping your browser patched and just trying to stay away from suspicious websites.

Does this need a change in the way software patches are delivered? Chrome for example updates without user input.

The way Chrome does things is a good start and a more secure approach. But the reality is there will always be bugs in software and patches and updates will always be needed. The main things that need to change are how you detect, what you monitor and what you prevent. There has to be a fundamental shift from trying to catch signatures to trying to understand whether there's malicious code or behaviour on your device.

If an antivirus has as its sole purpose to scan files, what happens when someone attacks you with something that resides in memory only and then encrypts the entire disk? Traditional solutions are becoming useless in the face of this new wave of attacks which old-style antivirus never sees.

Does the recent leak of LinkedIn passwords prove that old problems don't go away?

It seems to me they may not have been completely aware of the scale of the leak. You can see from the tone of the email LinkedIn has sent to users that it's on the defensive. There's a chance that the attackers were still in the system but it seems more realistic that the company just hasn't understood the full extent of the breach.

The use of passwords is not something that is bullet proof, we need to move to better authentication methods and the sooner the better.

So are we seeing the password come to the end of its useful life?

The technology is there today to use biometric or other authentication methods. There are many ways we can utilise phones and cameras for example to offer better security. I think it's an adoption and usability question more than anything else. We need users to become more educated and these things tend to take a while.

Is it more about education than technology?

I want to believe so and it's also about which of the big websites adopt it first. If you imagine that Facebook, for example, were to force all its users to use an image to log in that would make a big change.

When one of the internet giants starts to push this then change will begin to happen. Although the technology is there now it will need a major change in infrastructure for companies to support better forms of authentication and that will take time.

Photo Credit: lolloj/Shutterstock