Tag Archive for: Platform

OSINT Platform to SOC & MDR Teams for Malware Analysis

/in


ANY.RUN now integrates with OpenCTI, a cyber threat intelligence platform that allows automatic enrichment of OpenCTI observations with malware data directly from ANY.RUN analysis. 

Users can access indicators like TTPs, hashes, IPs, and domains without manual data source checks. 

The data from interactive analysis sessions within the ANY.RUN sandbox can further enrich the observations that centralize threat analysis information from various sources for efficient investigation.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

OpenCTI observations with data from ANY.RUN sandbox

OpenCTI, a Threat Intelligence Platform (TIP), ingests threat data from various sources (feeds, sandboxes) using connectors and stores this data as “observations” (indicators like IPs and hashes).

Specifically, OpenCTI offers connectors for:

  • MITRE ATT&CK: facilitates mapping collected data to known attack techniques.
  • ANY.RUN Threat Feeds: imports enriched threat indicators daily.
  • ANY.RUN Sandbox: allows adding details from sandbox analysis (malware family, maliciousness scores) to observations.
OpenCTI interface

ANY.RUN is a cloud-based malware sandbox service that analyzes suspicious files in a safe virtual environment, offers real-time detection using pre-defined rules and allows interactive analysis for in-depth investigation. 

During this analysis, Its enrichment connector for OpenCTI streamlines threat analysis by automatically investigating suspicious files and when enriching an observation (potential threat evidence) in OpenCTI, it can leverage the connector to submit the file to ANY.RUN’s cloud sandbox. 

It creates a safe virtual environment to analyze the file’s behavior and then…

Source…

Bugcrowd snaps up $102M for a ‘bug bounty’ security platform that taps 500K+ hackers

/in


Bugcrowd — the startup that taps into a database of half a million hackers to help organizations like OpenAI and the U.S. government set up and run bug bounty programs, cash rewards to freelancers who can identify bugs and vulnerabilities in their code — has picked up a big cash award of its own to grow its business further: an equity round of $102 million.

General Catalyst is leading the investment, with previous backers Rally Ventures and Costanoa Ventures also participating.

Bugcrowd has raised over $180 million to date, and while valuation is not being disclosed, CEO Dave Gerry said in an interview it is “significantly up” on its last round back in 2020, a $30 million Series D. As a point of comparison, one of the startup’s bigger competitors, HackerOne, was last valued at $829 million in 2022, according to PitchBook data.

The plan will be to use the funding to expand operations in the U.S. and beyond, including potentially M&A, and to build more functionality into its platform, which — in addition to bug bounty programs — also offers services including penetration testing and attack surface management, as well as training to hackers to increase their skiilsets.

That functionality is both of a technical but also human nature.

Gerry jokingly describes Bugcrowd’s premise as “a dating service for people who break computers” but in more formal terms, it is built around a two-sided security marketplace: Bugcrowd crowdsources coders, who apply to join the platform by demonstrating their skills. The coders might be hackers who only work on freelance projects, or people who work elsewhere and pick up extra freelance work in their spare time. Bugcrowd then matches these coders up, based on those particular skills, with bounty programs that are in the works among clients. Those clients, meanwhile, range from other technology companies through to any enterprise or organization whose operations rely on tech to work.

In doing all this, Bugcrowd has been tapping into a couple of important trends in the technology industry.

Organizations continue to build more technology to operate, and that means more apps, more automations, more integrations and much more data is…

Source…

Cryptocurrency Scammers Exploit ChatGPT-Powered Botnet on Social Platform X

/in


Source: Adobe / safriibrahim

A recent investigation by researchers at Indiana University Bloomington has unveiled the use of a botnet powered by ChatGPT, a sophisticated AI language model developed by OpenAI, to promote cryptocurrency scams on X (formerly known as Twitter).

The botnet – dubbed Fox8 due to its connection with crypto-related websites – was composed of 1,140 accounts that utilized ChatGPT to generate and post content as well as engage with other posts. The auto-generated content aimed to entice unsuspecting users into clicking on links that led to crypto-hyping websites.

The researchers detected the botnet’s activity by identifying a specific phrase, “As an AI language model…,” which ChatGPT occasionally uses in response to certain prompts.

This led them to manually scrutinize accounts they suspected were operated by bots. Despite the relatively unsophisticated methods employed by the Fox8 botnet, it managed to publish seemingly convincing messages endorsing cryptocurrency sites, illustrating the ease with which AI can be harnessed for scams.

Micah Musser, an expert in AI-driven disinformation, believes that this discovery might only scratch the surface of a larger issue, given the popularity of large language models and chatbots.

“This is the low-hanging fruit,” Musser said in an interview with WIRED. “It is very, very likely that for every one campaign you find, there are many others doing more sophisticated things.”

OpenAI’s usage policy explicitly prohibits the use of its AI models for scams and disinformation. Researchers stress the challenge of identifying such botnets when they are effectively configured, as they could evade detection and manipulate algorithms to spread disinformation more effectively.

Filippo Menczer, a professor spearheading the University’s research into Fox8, said they only noticed the botnet because the scammers were sloppy. “Any pretty-good bad guys would not make that mistake,” he stated.

Spam Bots On X

Spam bots have long plagued the online crypto community, and are a common grievance among influencers within the space. Such bots are…

Source…

Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks

/in


Thomas Trutschel | Photothek | Getty Images

In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.

Initially reticent to name the cause, Microsoft has now disclosed that DDoS attacks by a murky upstart were indeed to blame.

But the software giant has offered few details — and would not comment on the attacks’ magnitude. It would not say how many customers were affected or describe the attackers, who it has named Storm-1359. A group that calls itself Anonymous Sudan claimed responsibility on its Telegram social media channel at the time. Some security researchers believe the group to be Russian.

Microsoft’s explanation in a blog post Friday evening followed a request by The Associated Press two days earlier. Slim on details, the post said the attacks “temporarily impacted availability” of some services. It said the attackers were focused on “disruption and publicity” and likely used rented cloud infrastructure and virtual private networks to bombard Microsoft servers from so-called botnets of zombie computers around the globe.

Microsoft said there was no evidence any customer data was accessed or compromised.

While DDoS attacks are mainly a nuisance — making websites unreachable without penetrating them — security experts say they can disrupt the work of millions if they successfully interrupt the services of a software service giant like Microsoft on which so much global commerce depends.

It’s not clear if that’s what happened here.

“We really have no way to measure the impact if Microsoft doesn’t provide that info,” said Jake Williams, a prominent cybersecurity researcher and a former National Security Agency offensive hacker. Williams said he was not aware of Outlook previously being attacked at this scale.

“We know some resources were inaccessible for some, but not others. This often happens with DDoS of globally distributed systems,” Williams added. He said Microsoft’s apparent unwillingness to provide an…

Source…