Ransomware has emerged in recent years as one of the most pervasive and effective cyber threats. It is generally easy to automate and execute ransomware attacks, and there is very little risk to the attackers—yet this type of attack enables cybercriminals to extort a steady stream of revenue from victims.
2020 presented even greater opportunity for attackers with the COVID-19 pandemic forcing entire companies to suddenly shift to a work-from-home model, and the crucial efforts to treat COVID-19 patients and develop treatments and vaccines making the healthcare and pharmaceutical industries particularly valuable targets.
A ZDNet report from June 2020 declared, “Ransomware is rapidly shaping up to be the defining online security issue of our era.” Statistics from 2019 revealed ransomware attacks had increased 97% over the previous two years. Suffice it to say, ransomware is a lucrative enterprise with a low cost of entry and very little risk for the attackers.
Malware and exploits continuously adapt—and ransomware is not an exception. Ransomware has evolved to evade antimalware protection and some ransomware variants can spawn and hide in virtual machines and elude traditional defense mechanisms. Machine learning techniques have proven effective in detecting ransomware, but these also place a significant processing burden on the endpoint—impacting performance and making it impractical.
In response to many of these concerns, Intel recently announced that Cybereason would be enabling its technology to introduce hardware-enabled ransomware prevention, helping customers effectively defend against this rising threat.
Intel Threat Detection
Intel developed Intel Threat Detection Technology (Intel TDT) to provide a solution for the growing threat of ransomware. Typically, ransomware is downloaded to a vulnerable device through malicious link in a phishing message. It will generally encrypt data on the local system and attempt to move laterally to infect servers, network appliances, and other vulnerable systems.
Intel TDT integrates with security software to improve capacity and performance and increase the efficacy of threat detection without requiring additional deployment or configuration. There are four key capabilities that comprise Intel TDT:
- CPU threat detection. Equips endpoint detection and response (EDR) software to go beyond signature and file-based techniques with CPU malware behavior monitoring.
- Full-stack visibility. Closes blind spots to identify legitimate data encryption activities as opposed to ransomware, as ransomware often avoids detection in memory and hides in virtual machines.
- Artificial intelligence (AI). Offloads processing burden of performance-intensive AI algorithms to the Intel integrated graphics controller to accelerate processing and enhance the capacity to analyze data and conduct scans.
- Intel Hardware Shield. Hardware-based security features provide a more secure foundation with protection against attacks that occur below the operating system.
Intel and Cybereason
Cybereason recently unveiled a collaboration with Intel to improve ransomware protection for customers. The partnership combines the industry-leading endpoint prevention, detection and response solution from Cybereason with Intel Threat Detection Technology to stop ransomware attacks that bypass traditional cybersecurity tools.
Cybereason’s solution combined with Intel TDT enables full-stack visibility that improves the ability to uncover ransomware attacks. The solution is the first example of leveraging PC hardware to play a direct role in ransomware cyber defense and illustrates the commitment of both companies to reversing the adversary advantage and empowering companies to effectively defend against ransomware attacks.
“This collaboration with Intel to add CPU-based threat detection bolsters our long history and industry-leading capabilities in detecting and eradicating ransomware. The combination of best-of-class hardware, software, and security know-how provides defenders with full-stack visibility critical to ending the era of double extortion that is currently costing organizations hundreds of millions each year,” said Lior Div, CEO and co-Founder of Cybereason, in a press release announcing the solution.
Defend against Ransomware
A blog post from Cybereason explains, “This collaboration between Intel and Cybereason represents a best-of-breed combination of hardware, software, and security know-how that provides defenders to detect and eradicate malware from the chip-level to the endpoint to everywhere. Together, Intel and Cybereason are working to reverse the attacker’s advantage and end cyber attacks.”
Intel understands the importance of its role in improving cybersecurity by developing innovative hardware and technologies that can detect and prevent attacks that software-based solutions alone often miss. This is a huge step and demonstrates what is possible when leading companies work together for solutions that benefit all customers.