Our research and development teams have identified a solution, and will release a hotfix automatically to all customers running current versions in the next few days."

Blackberry Cylance declined to comment further beyond its posted statement.

Bypassing anti-virus programs by creating malware that looks legitimate is nothing new, and it’s not terribly surprising that products that rely on artificial intelligence and machine learning are also prone to error, writes Martijn Grooten, the editor of Virus Bulletin, a security product testing and research organization. We have verified there is an issue with Cylance Protect, which can be leveraged to bypass the anti-malware component of the product. In a statement, Blackberry Cylance says it's "aware that a bypass has been publicly disclosed by security researchers. Other vendors may have the same issue, he says. Skylight’s CEO, Adi Ashkenazy, tells Information Security Media Group that the issue researchers found with the gaming strings is essentially a “bias” that is baked into Cylance Protect’s detection mechanism. “This method proved successful for 100 percent of the top 10 malware for May 2019, and close to 90 percent for a larger sample of 384 malware,” Skylight writes in a blog post. The specific gaming application was not revealed. The findings were first reported by Vice’s Motherboard. Researchers at Skylight Cyber say they discovered that appending strings from the executable of a gaming application to files such as WannaCry would fool Cylance Protect's detection engine into thinking the file was not malware. Skylight Cyber says it examined how Cylance’s Protect product evaluates malware, giving it a score to determine whether an executable is likely to be malicious.
Administrators are prone to make mistakes when under time pressure. An Australian cybersecurity company says it tricked BlackBerry’s Cylance Protect anti-virus product into believing that some of the most pernicious types of malware, including WannaCry and the SamSam ransomware, were benign programs. With a default closed policy, work can be blocked until an admin makes a decision on a suspect application, slowing efficiency. Admins are not malware analysts, so burdening them with making decisions about what applications should run can greatly increase their workload. Unfortunately, this whitelisting model puts stress on administrators. Application control solutions support numerous “trusted sources of change” in a bid to reduce the pain of installing/upgrading newer applications. This causes friction with users due to a negative impact on productivity. Application control is widely acknowledged as a highly effective way to protect low-change environments.

Despite having a more secure model, many whitelisting solutions have not achieved widespread adoption because they require strict change control policies around applications. Application control reverses this paradigm, only allowing execution of code that is on a whitelist of known good applications. Traditional antivirus products use a blacklisting approach that allows all applications to run unless they are known to be malicious or exhibit known bad behaviors. If your desired outcome is to minimise malware execution there is a much easier way - cloud managed, desktop anti-malware that stops malware in its tracks, no thinking required. For those of you considering implementing a Whitelisting solution, have a read of this.