Cloud defense

by Volker Weber

Just before noon on March 6 (PST), Windows Defender AV blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts. The trojans, which are new variants of Dofoil (also known as Smoke Loader), carry a coin miner payload. Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters.

Comments

Now the attackers just need to up their ML skills, and then we'll have a fine mess.

Frank Quednau, 2018-03-08

A nice example of the underlying technologies. Even if many don't want to believe it, Microsoft has (out of necessity) always been very far ahead in cyber defense.

Ingo Seifert, 2018-03-09

Fittingly, there was also an article on this in Crypto-Gram, Bruce Schneier's newsletter. The title is "Artificial Intelligence and the Attack/Defense Balance".
For anyone who wants to look it up: really worth reading.

Martin Sckopke, 2018-03-17
