Endpoint security: defense against the latest ransomware


Advanced persistent threat (APT) groups use many different attack techniques. AV-TEST attacked protection products for companies in 10 currently used scenarios built on the techniques ".Net Reflective Assembly loading", ".Net Dynamic P/Invoke" and "AMSI Bypass". Only half of the products examined withstood 100 percent of the attacks.

The Advanced Threat Protection tests are narrowly focused, but they repeatedly confront protection software with the latest attack techniques used by APT groups. One of them is ".Net Reflective Assembly loading", a technique used in its basic form in attacks involving Cobalt Strike, Cuba or Lazarus. The techniques ".Net Dynamic P/Invoke" and "AMSI Bypass" are also popular in current ransomware attacks.
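The article names the techniques but does not show what they look like on a host. The following PowerShell snippet is an added example, not code from AV-TEST or from the tested products: it performs reflective assembly loading in its basic form (Assembly.Load over a byte array, so the module never needs to be written to disk as a new file) and then runs the cheap inventory check a defender can use to spot such assemblies, since a byte-array-loaded assembly has an empty Location. The class name DemoPayload and the temp path are arbitrary assumptions; the compiled assembly is harmless. AMSI bypass and dynamic P/Invoke are deliberately not demonstrated.

```powershell
# Added example (not AV-TEST's test harness): reflective assembly loading
# in its basic form, followed by the inventory check a defender can run.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; the class name
# DemoPayload and the temp path are arbitrary choices for this demo.

# 1. Build a harmless assembly on disk so we have bytes to load.
#    -OutputAssembly writes the DLL without loading it into this session.
$dllPath = Join-Path $env:TEMP 'ReflectiveDemo.dll'
Add-Type -OutputAssembly $dllPath -TypeDefinition @'
public static class DemoPayload {
    public static string Hello() { return "loaded from memory"; }
}
'@

# 2. The technique: Assembly.Load(byte[]) maps the module from a byte array.
#    Real tooling gets the bytes from the network or a decrypted blob, so
#    file-based scanning never sees a new executable on disk.
$bytes = [System.IO.File]::ReadAllBytes($dllPath)
$asm   = [System.Reflection.Assembly]::Load($bytes)
$asm.GetType('DemoPayload').GetMethod('Hello').Invoke($null, $null)

# 3. The footprint: an assembly loaded from a byte array reports an empty
#    Location. Listing such assemblies in a process is a quick triage check.
#    Reflection.Emit (dynamic) assemblies throw on .Location, so skip them.
$inMemory = [AppDomain]::CurrentDomain.GetAssemblies() |
    Where-Object { -not $_.IsDynamic -and [string]::IsNullOrEmpty($_.Location) }
$inMemory | Select-Object FullName, @{ n = 'Location'; e = { '<memory>' } }

Remove-Item $dllPath -ErrorAction SilentlyContinue
```

The check in step 3 only covers the current process; a product under test has to make the same observation for every process on the host, typically via its own hooks or ETW, which is what separates the vendors in the table above. An empty Location is a triage signal, not a verdict: some legitimate software also loads assemblies from memory, so the result should be correlated with the parent process and the source of the bytes.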

Only 7 of the 14 tested endpoint solutions defend against the latest ransomware without any errors (Image: AV-TEST).

After a successful attack, the systems are encrypted and the extortion by the APT groups begins. Unless the protection product for private users or companies recognizes the attack techniques used, stops the attack and removes the ransomware.

Advanced Test: solutions for companies

Products from AhnLab, Bitdefender (2 versions), Check Point, G DATA, Kaspersky (2 versions), Microsoft, Sangfor, Symantec, Trellix, VMware, WithSecure and Xcitium took part in the advanced test of endpoint security solutions for companies.

Each product must recognize the attack technique and fend off the ransomware in 10 scenarios. The laboratory awards 3 points for each complete defense, so 30 points is the maximum. The products from Bitdefender (Endpoint and Ultra versions), Check Point, G DATA, Kaspersky (Endpoint and Small Office Security versions) and Xcitium shine with error-free detection of all attacks and defense against the ransomware. For this performance, these products receive the full 30 points for the protection score.

Detected, but only partially stopped

Symantec and Microsoft also recognize all 10 attack scenarios, but each has a problem in one case: they detect the attack technique and the ransomware, and both even initiate further steps against the attack. In the end, however, the ransomware still encrypts individual files under Symantec and the entire system under Microsoft. This gives Symantec 29 points and Microsoft 28.5 points for the protection score.

After that, the field thins out: AhnLab, Sangfor and WithSecure share the same problem. In one case each, they recognize neither the attack technique nor the ransomware; the system is encrypted and each product loses the full 3 points for that case, leaving 27 points each for the protection score. The remaining endpoint solutions from Trellix and VMware receive only 24 and 22.5 points respectively.

More at AV-TEST.org



AV-TEST GmbH is an independent provider of services in the field of IT security and anti-virus research, focusing on the identification and analysis of the latest malware and its use in comprehensive comparative tests. Because the test data is always up to date, the institute can analyze new malware quickly, detect virus trends early, and examine and certify IT security solutions. The results of the AV-TEST Institute form an exclusive information base that serves manufacturers for product optimization, specialist magazines for the publication of results, and end customers as a guide to product selection.

The company AV-TEST has been operating in Magdeburg since 2004 and employs more than 30 people with in-depth specialist and practical experience. The laboratories are equipped with 300 client and server systems, on which more than 2,500 terabytes of self-collected test data, both malicious and harmless, are stored and processed. Further information can be found at https://www.av-test.org.

