
CyberX launches automated threat extraction platform

01 Jul 2019

IoT and industrial control system (ICS) security company CyberX has announced it has improved its IoT/ICS threat intelligence capabilities with a new automated threat extraction platform that uses machine learning to identify malware and advanced persistent threat (APT) campaigns targeting industrial and critical infrastructure organisations.

Named Ganymede, the new platform is more scalable than traditional threat intelligence approaches that rely on human analysts and manual techniques.

And unlike traditional threat intelligence produced by IT security firms, Ganymede focuses on IoT/ICS/OT-specific threat intelligence for industrial and critical infrastructure organisations.

Ganymede also incorporates what CyberX describes as the industry’s first IoT/ICS/OT-specific malware analysis sandbox.

Ganymede was designed to reduce the time required to identify, hunt, and eradicate destructive malware such as LockerGoga, which has cost industrial organisations tens or hundreds of millions of dollars in lost production and cleanup.

Plant safety systems are also being targeted by sophisticated nation-state adversaries across multiple industrial sectors worldwide.

Finally, trade secrets, such as proprietary design and manufacturing data, are also being stolen from industrial companies. 

How it works

Developed by Section 52, CyberX’s threat intelligence and security research team, Ganymede continuously ingests large amounts of data from a range of open and closed sources to deliver the most robust, data-driven analysis possible.

Machine learning and statistical models assign risk scores to specific entities such as files; the models are trained on datasets consisting of hundreds of thousands of known good and bad samples.

In the final phase, Section 52 threat analysts review and correlate the results, drawing on their field experience.

Additionally, suspicious executables are detonated in CyberX’s IoT/ICS Malware Sandbox.

The CyberX sandbox, which the company says is unique in the industry for its focus on IoT/ICS malware, is a virtualised IoT/ICS environment. It analyses malware activity using machine learning combined with static and dynamic analysis, in order to detect malware access to IoT/ICS-specific objects (processes, libraries, DLLs, ports and so on).

The sandbox then generates a collection of IoCs and representative screenshots of the malware in operation.

Section 52 is composed of world-class domain experts and data scientists who previously staffed a national military CERT defending against daily nation-state cyber attacks.

The team is also on-call to perform emergency incident response for clients that have experienced an IoT/ICS compromise.

“Demand for OT security will expand, from traditional preventive approaches to detection, response and predictive capabilities, to be able to react faster to eventual breaches, as well as try to predict their occurrence,” says Gartner senior director analyst Ruggero Contu.

“The evolution toward more automated security controls will also extend to the OT field, with the integration of threat intelligence and implementation of machine learning and artificial intelligence (AI) supporting analysis and prediction, deception techniques, and orchestration.”

Operationalising threat intelligence

Actionable threat intelligence is delivered to CyberX clients in several forms, including:

  • Threat intelligence updates to CyberX’s network monitoring platform. These automated updates enrich the industrial cybersecurity platform’s built-in, patented IoT/ICS-aware behavioural analytics with the latest threat information.
  • IoCs provided with Snort and YARA rules for enriching clients’ other security tools, such as SIEM and IDS solutions, with Section 52’s threat intelligence data.
  • Threat intelligence reports, alerts, and TTPs for CyberX clients, along with expert recommendations and implementation services from the CyberX customer success team to assist clients with threat mitigation.
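The article describes two steps without showing either: the sandbox flagging access to ICS-specific objects such as ports and then emitting IoCs, and those IoCs being shipped as Snort and YARA rules for a client's IDS and SIEM. The script below, an added example that is not CyberX or Ganymede code, walks a constructed sandbox report through both steps. The report format, the rule names and the SID range are assumptions; the indicators are constructed (RFC 5737 test addresses and SHA-256 digests of made-up byte strings) and describe no real sample. The ICS port table lists the well-known TCP ports of common OT protocols so that a connection to, say, port 502 is labelled as Modbus rather than generic command-and-control traffic.

```python
"""Turn a sandbox report's IoCs into Snort and YARA rules.

Added example, not CyberX/Ganymede code. The report layout is an
assumption; every indicator below is constructed for illustration.
"""
import hashlib

# Well-known TCP ports of common ICS/OT protocols. A sandboxed sample that
# opens one of these is touching an ICS-specific object, which is the
# behaviour the article says the sandbox looks for.
ICS_PORTS = {
    102: "S7comm",
    502: "Modbus/TCP",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
}

# Constructed sandbox output (assumed format), not a real detonation.
SAMPLE_REPORT = {
    "sample": "dropper.exe",
    "dropped_files": [
        b"constructed dropped payload A",
        b"constructed dropped payload B",
    ],
    "network": [
        {"dst": "192.0.2.10", "port": 443, "proto": "tcp"},    # TEST-NET-1
        {"dst": "192.0.2.44", "port": 502, "proto": "tcp"},    # TEST-NET-1
        {"dst": "198.51.100.7", "port": 20000, "proto": "tcp"}, # TEST-NET-2
    ],
}


def extract_iocs(report):
    """Reduce a sandbox report to host IoCs (sha256) and network IoCs.

    Each network IoC is tagged with the ICS protocol name when its port
    is in ICS_PORTS, or None for ordinary (likely C2) traffic.
    """
    hashes = [hashlib.sha256(b).hexdigest() for b in report["dropped_files"]]
    net = [dict(c, ics_protocol=ICS_PORTS.get(c["port"])) for c in report["network"]]
    return {"sha256": hashes, "network": net}


def yara_rule(name, hashes):
    """Build a YARA rule that matches any of the dropped files by SHA-256.

    Uses YARA's 'hash' module: hash.sha256(offset, size) returns the
    lowercase hex digest, which hashlib.hexdigest() also produces.
    """
    conds = " or\n        ".join(f'hash.sha256(0, filesize) == "{h}"' for h in hashes)
    return (
        'import "hash"\n\n'
        f"rule {name}\n{{\n"
        "    meta:\n"
        '        source = "constructed example"\n'
        "    condition:\n"
        f"        {conds}\n"
        "}\n"
    )


def snort_rules(name, net, base_sid=1000001):
    """One Snort alert rule per outbound network IoC.

    base_sid is an assumed local SID range; pick one that does not
    collide with rules already deployed on the sensor.
    """
    rules = []
    for i, c in enumerate(net):
        label = c["ics_protocol"] or "C2"
        msg = f"{name} {label} connection to {c['dst']}:{c['port']}"
        rules.append(
            f'alert {c["proto"]} $HOME_NET any -> {c["dst"]} {c["port"]} '
            f'(msg:"{msg}"; sid:{base_sid + i}; rev:1;)'
        )
    return rules


def build_rules(report, name="constructed_ics_dropper"):
    """Full pipeline: report -> IoCs -> YARA text and Snort rule list."""
    iocs = extract_iocs(report)
    return {
        "iocs": iocs,
        "yara": yara_rule(name, iocs["sha256"]),
        "snort": snort_rules(name, iocs["network"]),
    }


if __name__ == "__main__":
    out = build_rules(SAMPLE_REPORT)
    print(out["yara"])
    print("\n".join(out["snort"]))
```

The YARA rule is hash-only, which is the weakest form of file IoC (one byte changed defeats it); a real feed would add content strings from static analysis. The Snort rules alert on the destination address and port only, so they also need the usual review for collisions with legitimate traffic before being pushed to a production IDS, particularly the port 502 and 20000 rules, since those ports are in normal use on an OT network.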