The independent test laboratory AV-TEST tested 33 protection solutions in defense tests against data stealers and ransomware. The products for companies and individual workstations consistently demonstrate strong defense performance against specific threats.
The list of attacked companies, universities, colleges or institutions such as hospitals and administrations reported in the media keeps getting longer. Classic protection products or company solutions must combine all of their protection technologies to defend against cyber attacks. The Advanced Threat Protection test shows how well they do this in 10 real attack scenarios. In the current test, the protection solutions have to defend Windows systems against data stealers and ransomware. The attackers rely on the “DNS TXT Record” technique, use malware written in Rust, and communicate over encrypted HTTPS connections.
Strong defense against ransomware & data stealers
Authorities such as Interpol, the FBI and national police departments work very well together and have had some success. APT groups such as HIVE, Emotet and QBot were dismantled, but their malware and code are still in circulation. This inspires other groups to modify it and develop new malware. In addition, attackers vary their attacks with further techniques.
In the current test, the AV-TEST laboratory is examining 10 ransomware attacks and 5 attacks with data stealers in 5 real attack scenarios. The attackers sometimes use the “DNS TXT Record” technique or rely on encrypted connections via HTTPS. Some of the malware samples are written in the relatively new Rust programming language. The benefit for attackers: Rust is very fast and allows many operations to run in parallel. The biggest advantage, however, is that malware written in Rust can escape the static analysis of many malware detection systems. This is why the current test, with its dynamic detection and defense, is so important.
Corporate protection products tested
The 17 protection products examined in the Advanced Threat Protection test for Windows endpoints in enterprises come from the following manufacturers: Acronis, AhnLab, Avast, Bitdefender (with 2 versions), Check Point, Kaspersky (with 2 versions), Malwarebytes, Seqrite, Sophos, Symantec, Trellix, Trend Micro, VMware, WithSecure and Xcitium.
In the corporate sector, 16 of the 17 products examined show flawless performance. The ransomware and data stealers cannot penetrate the systems and carry out their destructive work in any of the 10 scenarios. All of these products receive the full 35 points for the protection score. Only Trellix cannot completely block the attacker in one scenario. In the end, only individual files are encrypted. This costs the solution one point.
A total of 16 protection products for private users took part in the Advanced Threat Protection Test (ATP) in July-August 2023. They come from the following manufacturers: AhnLab, Avast, AVG, Avira, Bitdefender, F-Secure, Kaspersky, Malwarebytes, McAfee, Microsoft, Microworld, Norton, Panda, PC Matic, Protected.net and Trend Micro. All products fend off attackers in the 10 scenarios without any errors. Neither the “DNS TXT Record” technique nor the encrypted connections are of any use to the attackers, nor is the use of the Rust programming language for the malware. Each product therefore receives the full 35 points for its protection score.
About AV-TEST
AV-TEST GmbH is an independent provider of services in the field of IT security and anti-virus research with a focus on the identification and analysis of the latest malware and its use in comprehensive comparative tests. The fact that the test data is up-to-date enables the quick-response analysis of new malware, the early detection of virus trends, and the investigation and certification of IT security solutions. The results of the AV-TEST Institute represent an exclusive information base and serve manufacturers for product optimization, specialist magazines for the publication of results and end customers for orientation in product selection.
The company AV-TEST has been operating in Magdeburg since 2004 and employs more than 30 people with profound specialist and practical experience. The laboratories are equipped with 300 client and server systems in which more than 2,500 terabytes of self-determined test data of harmful and harmless information are stored and processed. Further information can be found at https://www.av-test.org.