There are many threats lurking in the depths of the Internet. Most of them are well known, and because they are recognizable they are easy to defend against. Yet each of them was new once, never seen before, and may have caused serious damage at that point. Progress is ever-present, and the same applies to cyber threats: new ones are discovered nearly every day.
Zero-Day Threats
The most dangerous threats are the new ones, those that no one has yet been able to research properly. They are often called Zero-Day Threats. More often than not, they remain active and cause damage for quite some time before someone discovers them and implements a proper security measure. Many are even custom-made for use against a particular target, which then has almost no means of defending against such an attack.
Defending Against the Unknown
Solutions relying only on traditional means of detection – recognizing known patterns – will not cut it in today’s dynamic environment. To be protected, you need a solution that is able to recognize malicious behavior for what it is, without relying on “I have seen this somewhere before and I know that it is bad, so I have to block it.” Whalebone offers solutions of exactly this kind.
As an example from this year, we were able to recognize Sharkbot before its patterns were published – only a few hours before another authority published information on how to spot Sharkbot’s malicious behavior. Even during that short time, we stopped 522 requests – the real number is probably somewhat higher, because this count covers only what was later matched against the patterns from external threat intelligence feeds. In other words, there may have been more. It seems that sharks are no match for whales, and no wonder: Whalebone’s engines identify and block about 1.5 million requests to resolve DGA domains (more about DGA here), a technique mostly used by new malware to avoid detection.
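To make the difference between pattern matching and behavior recognition concrete, here is an added example (written for this edit, not Whalebone’s own code or engine) that scores queried names in resolver logs for DGA-like traits and then flags clients that keep resolving such names. The log format, the thresholds, the single-label-TLD assumption and the sample log lines are all constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed resolver log lines (invented for this example, not real traffic).
# Format assumed here: "<timestamp> <client-ip> <queried-name>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 www.example.com
2024-05-01T10:00:02Z 10.0.0.12 mail.google.com
2024-05-01T10:00:03Z 10.0.0.45 xkqzvbtrwmplnsd.net
2024-05-01T10:00:04Z 10.0.0.45 a8f3k2z9q1w7e4r6.com
2024-05-01T10:00:05Z 10.0.0.45 hjqwzxkvbnmplrt.org
2024-05-01T10:00:06Z 10.0.0.12 en.wikipedia.org
"""

VOWELS = frozenset("aeiou")
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_label(qname: str) -> str:
    """Label directly left of the top-level domain.
    Simplifying assumption: single-label TLDs (com, net, org). A real
    deployment would consult the Public Suffix List to handle co.uk etc."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(label: str) -> int:
    """Count how many 'random-looking' traits a label has (0..4).
    Thresholds are illustrative assumptions, not tuned production values."""
    if len(label) < 6:
        return 0
    score = 0
    if shannon_entropy(label) > 3.5:          # many distinct characters
        score += 1
    letters = [c for c in label if c.isalpha()]
    if letters and sum(c in VOWELS for c in letters) / len(letters) < 0.2:
        score += 1                            # unpronounceable: almost no vowels
    if sum(c.isdigit() for c in label) / len(label) > 0.3:
        score += 1                            # digit-heavy mix
    if len(label) >= 12:
        score += 1                            # long labels are typical of DGAs
    return score


def parse_log(text: str):
    """Yield (client, qname) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            yield m.group(2), m.group(3)


def flag_dga_lookups(text: str, min_score: int = 2):
    """Return [(client, qname, score)] for lookups whose label looks generated."""
    hits = []
    for client, qname in parse_log(text):
        score = dga_score(registrable_label(qname))
        if score >= min_score:
            hits.append((client, qname, score))
    return hits


def suspicious_clients(text: str, min_hits: int = 2):
    """Clients resolving at least min_hits DGA-like names: the behavioural
    signal (a host churning through random names) rather than any fixed
    indicator taken from a threat feed."""
    per_client = defaultdict(int)
    for client, _qname, _score in flag_dga_lookups(text):
        per_client[client] += 1
    return sorted(c for c, n in per_client.items() if n >= min_hits)


if __name__ == "__main__":
    for client, qname, score in flag_dga_lookups(SAMPLE_LOG):
        print(f"{client} -> {qname} (score {score})")
    print("suspicious clients:", suspicious_clients(SAMPLE_LOG))
```

Note that none of the three generated-looking names needs to appear in any feed to be flagged; the decision rests on properties of the name itself and on the client’s habit of resolving several of them. In practice the thresholds would be tuned against your own traffic, since CDN hostnames and hashed subdomains can score high and need a suffix allow-list.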
Progress cannot be stopped, and sadly that applies to hackers improving their tools as well. Relying on recognition of known patterns alone is no longer viable. To be protected, you have to leverage a solution, such as those from Whalebone, that recognizes malicious behavior, not just patterns.