Tag Archive for: analysis

CISA Launches New System for Automated Malware Analysis

/in


The Cybersecurity and Infrastructure Security Agency has unveiled Malware Next-Gen, a new platform designed to provide automated analysis of newly identified malware to support threat detection and response efforts.

Malware Next-Gen works to enable government agencies to submit malware samples and suspicious artifacts for automated analysis to inform their cyber defense initiatives, CISA said Wednesday.

“Our new automated system enables CISA’s cybersecurity threat hunting analysts to better analyze, correlate, enrich data, and share cyber threat insights with partners. It facilitates and supports rapid and effective response to evolving cyber threats, ultimately safeguarding critical systems and infrastructure,” said Eric Goldstein, executive assistant director for cybersecurity at CISA.

Since November, Malware Next-Gen has analyzed over 1,600 files from nearly 400 registered users from defense and civilian agencies and has identified and shared approximately 200 suspicious or malicious files and uniform resource locators.

The Potomac Officers Club will host the 2024 Cyber Summit on June 6 to hear from government and industry experts about the dynamic and ever-evolving role of cyber in the public sector. Register here!

Source…

WatchGuard Threat Lab Analysis Shows Surge in Evasive Malware

/in


WatchGuard® Technologies, a unified cybersecurity company, has announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analysed by WatchGuard Threat Lab researchers. Key findings from the data show a dramatic surge in evasive malware that fueled a large increase of total malware, threat actors targeting on-premises email servers as prime targets to exploit, and ransomware detections continuing to decline, potentially as a result of law enforcement’s international takedown efforts of ransomware extortion groups.



“The Threat Lab’s latest research shows threat actors are employing various techniques as they look for vulnerabilities to target, including in older software and systems, which is why organisations must adopt a defense-in-depth approach to protect against such threats,” said Corey Nachreiner, chief security officer at WatchGuard. “Updating the systems and software on which organisations rely is a vital step toward addressing these vulnerabilities. Additionally, modern security platforms that are operated by managed service providers can deliver the comprehensive, unified security that organisations need and enable them to combat the latest threats.”

Among the key findings, the latest Internet Security Report featuring data from Q4 2023 showed:

Evasive, basic, and encrypted malware all increased in Q4, fueling a rise in total malware. The average malware detections per Firebox rose 80% from the previous quarter, illustrating a substantial volume of malware threats arriving at the network perimeter. Geographically, most of the increased malware instances affected the Americas and Asia-Pacific.

TLS and zero-day malware instances also rise. Approximately 55% of malware arrived over encrypted connections, which was a 7% increase from Q3. Zero-day malware detections jumped to 60% of all malware detections, up from 22% the previous quarter. However, zero-day malware detections with TLS fell to 61%, which was a 10% decrease from Q3, showing the unpredictability of malware in the wild.

Two top 5 malware variants redirect to DarkGate network. Among the top 5 most-widespread malware…

Source…

WatchGuard Threat Lab Analysis Shows Surge in Evasive Malware Supercharging an Already Powerful Threat Wave

/in


Notable findings from the research also show resurgence of living-off-the-land attacks, continued cyberattack commoditization, and ransomware decline

SEATTLE, March 27, 2024 (GLOBE NEWSWIRE) — WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. Key findings from the data show a dramatic surge in evasive malware that fueled a large increase of total malware, threat actors targeting on-premises email servers as prime targets to exploit, and ransomware detections continuing to decline, potentially as a result of law enforcement’s international takedown efforts of ransomware extortion groups.

“The Threat Lab’s latest research shows threat actors are employing various techniques as they look for vulnerabilities to target, including in older software and systems, which is why organizations must adopt a defense-in-depth approach to protect against such threats,” said Corey Nachreiner, chief security officer at WatchGuard. “Updating the systems and software on which organizations rely is a vital step toward addressing these vulnerabilities. Additionally, modern security platforms that are operated by managed service providers can deliver the comprehensive, unified security that organizations need and enable them to combat the latest threats.”

Among the key findings, the latest Internet Security Report featuring data from Q4 2023 showed:

  • Evasive, basic, and encrypted malware all increased in Q4, fueling a rise in total malware. The average malware detections per Firebox rose 80% from the previous quarter, illustrating a substantial volume of malware threats arriving at the network perimeter. Geographically, most of the increased malware instances affected the Americas and Asia-Pacific.

  • TLS and zero-day malware instances also rise. Approximately 55% of malware arrived over encrypted connections, which was a 7% increase from Q3. Zero-day malware detections jumped to 60% of all malware detections, up from 22% the previous quarter. However, zero-day malware detections with TLS…

Source…

OSINT Platform to SOC & MDR Teams for Malware Analysis

/in


ANY.RUN now integrates with OpenCTI, a cyber threat intelligence platform that allows automatic enrichment of OpenCTI observations with malware data directly from ANY.RUN analysis. 

Users can access indicators like TTPs, hashes, IPs, and domains without manual data source checks. 

The data from interactive analysis sessions within the ANY.RUN sandbox can further enrich the observations that centralize threat analysis information from various sources for efficient investigation.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

OpenCTI observations with data from ANY.RUN sandbox

OpenCTI, a Threat Intelligence Platform (TIP), ingests threat data from various sources (feeds, sandboxes) using connectors and stores this data as “observations” (indicators like IPs and hashes).

Specifically, OpenCTI offers connectors for:

  • MITRE ATT&CK: facilitates mapping collected data to known attack techniques.
  • ANY.RUN Threat Feeds: imports enriched threat indicators daily.
  • ANY.RUN Sandbox: allows adding details from sandbox analysis (malware family, maliciousness scores) to observations.
OpenCTI interface

ANY.RUN is a cloud-based malware sandbox service that analyzes suspicious files in a safe virtual environment, offers real-time detection using pre-defined rules and allows interactive analysis for in-depth investigation. 

During this analysis, Its enrichment connector for OpenCTI streamlines threat analysis by automatically investigating suspicious files and when enriching an observation (potential threat evidence) in OpenCTI, it can leverage the connector to submit the file to ANY.RUN’s cloud sandbox. 

It creates a safe virtual environment to analyze the file’s behavior and then…

Source…