If you want to know where the world of malware is heading…
…ask an expert!
So that’s exactly what we did – we spoke to Fraser Howard of SophosLabs, live on Facebook.
Fraser is one of the world’s leading threat researchers, with knowledge that is deep as well as broad.
He’s well worth listening to, and here’s what he told us:
(Can’t see the video directly above this line? Watch on Facebook instead.)
(You don’t need a Facebook account to watch the video, and if you do have an account you don’t need to be logged in. If you can’t hear the sound, try clicking on the speaker icon in the bottom right corner of the video player to unmute.)
PS. If you like the T-shirt in the video, you can buy one at https://shop.sophos.com/.
A bit difficult to hear. A transcript would be preferable.
Also regarding PowerShell, Mark Russinovich of Sysinternals did a demo (video with PowerPoint) of using PowerShell to protect against being hacked. It was some time ago but perhaps I still have a backup.
Also, the same things can be done in a Unix/Linux shell environment, can they not? Especially with the advent of such things as the Rubber Ducky (as seen on Mr. Robot last year). Essentially thousands of characters of code can be passed through your computer from a USB device in nanoseconds (PowerShell, Bash, etc.).
Because it’s Facebook Live, the preferred recording device, according to Facebook, is a mobile phone, so we rely on the built-in mic…
…and when you have one person who talks softly and another who ~~bellows~~ talks loudly, it causes problems, as you hear here. Sorry about that. We’ll try to equalise the levels in future, either using technology or by “self regulation”, if that is the right term to use :-)
The video stopped before the end, probably due to my DSL connection. My question is: how do we protect ourselves from PowerShell attacks? Thank you.
In the video, we suggested a few mitigations:
Go to the View menu and turn on the File name extensions option so that you can more easily spot attachments that are scripts dressed up as documents, e.g. files with sneaky names like INVOICE.PDF.PS1 (PDF makes it look like a document, but the real extension is PS1, meaning it’s a PowerShell script).
How to configure the first two tweaks above is shown here:
https://nakedsecurity.sophos.com/2016/04/26/ransomware-in-your-inbox-the-rise-of-malicious-javascript-attachments/
PS. You can drag the slider forward in the video to jump to the end, if you want to watch the end again. It can take a few seconds for the “fast forward” to happen, so give it a while, and it might take a few guesses to get to the right point, but it’s quicker than watching over from the start :-)
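As an added example (not code from the post, from Sophos, or from the commenters), here is the “show file extensions” tweak done from PowerShell, plus a small scan that flags files such as INVOICE.PDF.PS1 where a script extension hides behind a document-looking name. The registry value is the real Explorer setting; the folder path and the lists of script and decoy extensions are assumptions you should adjust.

```powershell
# Added example, not part of the original post. Assumptions: the scanned folder
# path, and which extensions count as "script" versus "decoy document".

# 1. Turn off "Hide extensions for known file types" for the current user.
#    HideFileExt = 1 hides extensions (the Windows default), 0 shows them.
$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $explorerKey -Name 'HideFileExt' -Value 0 -Type DWord
# Explorer picks the change up when it restarts (sign out/in, or restart explorer.exe).

# 2. Extensions Windows will run as code when double-clicked (assumed list).
$scriptExtensions = @('.ps1', '.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh',
                      '.hta', '.bat', '.cmd', '.scr', '.lnk')
# Extensions that make a name look like a harmless document (assumed list).
$decoyExtensions = @('.pdf', '.doc', '.docx', '.xls', '.xlsx', '.txt', '.jpg', '.png')

function Test-DisguisedScript {
    param([Parameter(Mandatory)][string]$Name)
    # The real extension is whatever follows the LAST dot.
    $real = [System.IO.Path]::GetExtension($Name).ToLowerInvariant()
    if ($scriptExtensions -notcontains $real) { return $false }
    # Strip the real extension and look at the "inner" extension, if any.
    $stem  = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    $inner = [System.IO.Path]::GetExtension($stem).ToLowerInvariant()
    return ($decoyExtensions -contains $inner)
}

function Find-DisguisedScripts {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { Test-DisguisedScript -Name $_.Name } |
        Select-Object FullName, Length, LastWriteTime
}

# Constructed sample names to exercise the check (no files needed):
'INVOICE.PDF.PS1', 'report.docx', 'photo.jpg.js', 'script.ps1' | ForEach-Object {
    '{0,-18} disguised={1}' -f $_, (Test-DisguisedScript -Name $_)
}

# Scan a real folder (assumed path):
Find-DisguisedScripts -Path "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```

Showing extensions only helps if you look at them, so the scan is the part worth scheduling; note that a plain `script.ps1` is not flagged because the name is not pretending to be something else, which is the specific trick the reply above warns about.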
Thanks Paul.