Minerva Labs Advances Protection Against Evasive Malware in 2017
December 2017 by Marc Jacob
Minerva Labs announced continued growth in 2017, with fourth-quarter revenue more than doubling over the prior year. The key factors fueling this growth were the company’s continued business expansion and innovation within its Anti-Evasion Platform, including the industry’s first enterprise-ready Endpoint Malware Vaccination module for incident response teams, which scales across the organization. These new offerings and services delivered increased value for customers and partners. In addition, Minerva launched its partner program, the Minerva Value Partner Program (MVP²), which has seen strong adoption by both the VAR and MSP community, with 20+ partners signed up so far in North America and Europe.
In 2017, Minerva announced the closing of a $7.5 million Series A funding round led by Amplify Partners, which the company utilized to accelerate adoption and deployment of its Anti-Evasion Platform, as well as help support growth opportunities in global sales and marketing efforts. Additional investors that participated in the funding round were StageOne Ventures and Webb Investment Network.
Expanding Minerva’s Anti-Evasion Platform
In 2017, Minerva Labs released several significant updates to its Anti-Evasion Platform, enhancing endpoint defense against evasive threats. In addition to its Hostile Environment Simulation, which mimics the presence of the security products that evasive malware is designed to bypass, Minerva Labs released:
• Memory Injection Prevention, which allows organizations to block threats that use fileless and other in-memory techniques to hide malicious code in legitimate processes to evade detection by anti-malware products.
• Malicious Document Prevention, which blocks malicious actions initiated by document files, such as those that employ macros, PowerShell and other scripts.
• Endpoint Malware Vaccination, which allows enterprise incident response teams to simulate infection markers as a way of vaccinating endpoints against specific malware families. This unique capability helps Minerva’s customers contain malware outbreaks and prevent infections even if other defensive capabilities were unable to block the attack.
• Ransomware Protection, which prevents malware from destroying the victim’s files even if ransomware found a way to bypass other security defenses, protecting the organization from data loss.
Prevention of Malicious Attacks
As adversaries continued to expand their use of evasion tactics in 2017, Minerva’s approach to strengthening endpoint security, the first scalable endpoint prevention that covers the gap left by traditional and “next-gen” antivirus products, proved effective against many evasive threats. Examples of malicious programs that the company’s Anti-Evasion Platform blocked automatically, with no human or incident response interaction and without relying on any signatures, malware patterns or models, include:
• Evasive banking Trojans – Minerva Labs prevented many banking Trojan attacks at customer sites without any prior knowledge or signature update. Among the attacks prevented were Emotet, Trickbot, Qbot, Ursnif and others.
• Exploit kits – Minerva prevented numerous attacks that used exploit kits targeting vulnerable enterprise browsers. Minerva’s unique solution renders exploit kits ineffective, so that they never launch their attack.
• Minerva Labs supported the security community by creating a number of free vaccinations for WannaCry and Spora, and by releasing Mystique, a free, open-source tool for automatically extracting mutex infection markers for endpoint vaccination.
• Minerva proved successful in preventing targeted attacks such as NotPetya and the CCleaner malicious backdoor, which specifically targeted IT companies using a supply chain attack to compromise a vast number of victims. Minerva helped prevent the entire attack with its Memory Injection Prevention module.
• Cryptomining malware has become an emerging threat lately because illicit gains are easy to cash out with a lower risk of detection. Minerva is dedicated to researching this phenomenon and earlier this month revealed WaterMiner, a cryptomining campaign that hides in gaming ‘mods’ and infects victims with a simple yet effective Monero mining malware designed to hide from endpoint monitoring tools. More to come on this in 2018.
• Malware authors continue to look for, and inevitably find, new ways of abusing features of document-processing applications to infect systems. One such evasive technique is using weaponized documents to deliver malware. The Minerva Labs Anti-Evasion Platform can block these attacks without any updates, including those that abuse the recently reported Microsoft Office Dynamic Data Exchange (DDE) feature. DDE allows adversaries to deliver stealthy payloads via document files while avoiding the commonly used macros.
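The Endpoint Malware Vaccination module and the Mystique mutex-extraction tool mentioned above both rest on one idea: many malware families create a fixed-name marker (typically a named mutex) at startup and exit if it already exists, so pre-creating that marker on a clean host makes the real malware believe the host is already infected. The following is an added illustration of that mechanism, not Minerva's code and not taken from this article. It assumes a hypothetical family marker name (Global\ExampleFamilyMutex); on Windows the marker is a real named mutex created via CreateMutexW, while on other platforms a lock file in the temp directory stands in for it so the logic can be exercised anywhere.

```python
"""Endpoint vaccination by pre-creating a malware family's infection marker.

Added example (not Minerva Labs code). The family name and mutex name below
are hypothetical; real families use their own fixed marker names.
"""
import ctypes
import os
import re
import sys
import tempfile

IS_WINDOWS = sys.platform == "win32"
ERROR_ALREADY_EXISTS = 183  # Win32 error code set by CreateMutexW on a collision


class InfectionMarker:
    """A named marker a malware family checks to avoid infecting a host twice.

    On Windows this is a real named mutex. Elsewhere (assumption for portability
    of this example) an O_EXCL lock file in the temp directory plays the role.
    """

    def __init__(self, name):
        self.name = name
        self._handle = None

    def acquire(self):
        """Create the marker; True if we created it, False if it already existed."""
        if IS_WINDOWS:
            k32 = ctypes.WinDLL("kernel32", use_last_error=True)
            k32.CreateMutexW.restype = ctypes.c_void_p
            handle = k32.CreateMutexW(None, False, self.name)
            if not handle:
                raise OSError(ctypes.get_last_error(), "CreateMutexW failed")
            self._handle = handle
            return ctypes.get_last_error() != ERROR_ALREADY_EXISTS
        safe = re.sub(r"[^A-Za-z0-9_.-]", "_", self.name)
        path = os.path.join(tempfile.gettempdir(), f"vaccine-{safe}.lock")
        try:
            fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)
        except FileExistsError:
            return False
        os.close(fd)
        self._handle = path
        return True

    def release(self):
        """Drop the marker (closing the mutex handle / removing the lock file)."""
        if self._handle is None:
            return
        if IS_WINDOWS:
            ctypes.WinDLL("kernel32").CloseHandle(ctypes.c_void_p(self._handle))
        else:
            os.remove(self._handle)
        self._handle = None


def simulated_malware(marker_name, payload):
    """Stand-in for a family's entry point: bail out if the marker already exists."""
    marker = InfectionMarker(marker_name)
    if not marker.acquire():
        return "exited: host already infected"
    try:
        return payload()
    finally:
        marker.release()  # a real sample would keep it; released here for re-runs


def vaccinate(marker_name):
    """Hold the family's marker so its double-infection check trips on this host."""
    marker = InfectionMarker(marker_name)
    if not marker.acquire():
        raise RuntimeError("marker already present: infected or already vaccinated")
    return marker


def demo(marker_name="Global\\ExampleFamilyMutex"):
    """Run the simulated malware once vaccinated and once unprotected."""
    vaccine = vaccinate(marker_name)
    try:
        blocked = simulated_malware(marker_name, lambda: "payload ran")
    finally:
        vaccine.release()
    unprotected = simulated_malware(marker_name, lambda: "payload ran")
    return blocked, unprotected


if __name__ == "__main__":
    print(demo())  # ('exited: host already infected', 'payload ran')
```

The vaccine only works while the marker is held, which is why a production module keeps the mutex open in a long-lived process; the example releases it to show the unprotected case. It also only covers families whose marker name is known, which is the gap a mutex-extraction tool like Mystique is meant to fill.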
Noteworthy Industry Recognition
Minerva Labs gained recognition with a significant product review by SANS Institute’s Dr. Eric Cole, which found that enterprises deploying Minerva Labs can significantly increase their ability to prevent endpoint compromises and malware infections that bypass other security controls.