Kaspersky recently launched a “new threat intelligence solution designed to assist analysts at Security Operations Centers”. The goal is to link “new attacks to APT groups in seconds”.
Using its patented method, Kaspersky Threat Attribution Engine “compares new malicious code with one of the largest malware databases in the cybersecurity industry” and, based on “the similarities of that code”, connects “it to a specific APT group or campaign”.
This information, which Kaspersky stresses to be “very useful”, will allow experts to “prioritize high-risk threats over less serious incidents”.
“By knowing who is attacking your company, and for what purpose, security teams can quickly come up with a response plan (…) However, revealing who is behind an attack is a challenging task, which requires not only the collection of a large amount of threat intelligence (TI), but also the right skills to interpret the information”, says Kaspersky, announcing “the new Kaspersky Threat Attribution Engine (KTAE)”.
The objective, as can be read in a statement sent to Notícias ao Minuto, is “to determine if a threat is related to a well-known APT (Advanced Persistent Threat) group or campaign and to identify which one it may be”, because Kaspersky Threat Attribution Engine “automatically decomposes the newly discovered malicious file into small binary pieces”.
After that first ‘step’, it then “compares these pieces with those in the Kaspersky collection, which includes more than 60 thousand files related to APTs”. But for “even more precise attribution, the solution incorporates a large database of whitelisted files, which significantly improves the quality of malware screening and the identification of attacks, as well as facilitating incident response”.
Kaspersky also notes that this new solution “evolved from an internal tool used by Kaspersky’s Global Research & Analysis Team (GReAT), an experienced team that is recognized worldwide for detecting and investigating threats. For example, KTAE was used to investigate the LightSpy iOS implant and the TajMahal, ShadowHammer, ShadowPad and Dtrack campaigns”.
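As an added illustration (not Kaspersky's code; the statement does not disclose how KTAE splits or scores files), the Python sketch below follows the two steps described above: decompose a file into small aligned pieces, discard pieces found in an allowlist of known-clean code, and score a new sample against campaign-labelled collections. The chunk size, hashing, scoring rule and every sample byte string are assumptions constructed for this example, not real malware.

```python
import hashlib
from collections import defaultdict

CHUNK = 8  # assumed fixed piece size; a production engine would split more cleverly


def pieces(blob: bytes) -> set:
    """Decompose a file into small aligned binary pieces; return their hashes."""
    return {hashlib.sha256(blob[i:i + CHUNK]).hexdigest()
            for i in range(0, len(blob) - CHUNK + 1, CHUNK)}


# Constructed corpus (not real malware): shared clean runtime code plus a few
# campaign-specific fragments. The allowlist holds pieces of the clean code.
CLEAN_LIB = b"libcrt0-startup-" * 4
CORPUS = {
    "campaign-A": [CLEAN_LIB + b"aaaaloaderstub-Ac2beacon",
                   b"aaaaloaderstub-AcfgparsA"],
    "campaign-B": [CLEAN_LIB + b"bbbbdropper-stubkeylogB-"],
}
ALLOWLIST = pieces(CLEAN_LIB)


def build_index(corpus, allowlist):
    """Map each piece hash (minus allowlisted ones) to the campaigns it occurs in."""
    index = defaultdict(set)
    for campaign, samples in corpus.items():
        for sample in samples:
            for h in pieces(sample) - allowlist:
                index[h].add(campaign)
    return index


def attribute(sample: bytes, index, allowlist, min_share=0.2):
    """Return (campaign, share): share is the fraction of the sample's
    non-allowlisted pieces seen in the best campaign; campaign is None
    when nothing matches or the share is below min_share. Removing
    allowlisted pieces first stops common clean code from producing a
    confident but meaningless match."""
    own = pieces(sample) - allowlist
    if not own:
        return None, 0.0
    hits = defaultdict(int)
    for h in own:
        for campaign in index.get(h, ()):
            hits[campaign] += 1
    if not hits:
        return None, 0.0
    best = max(hits, key=hits.get)
    share = hits[best] / len(own)
    return (best if share >= min_share else None), share
```

Running `attribute` with an empty allowlist against the same corpus attributes a purely clean file to a campaign with a 100% share, which is the false positive the allowlist step exists to prevent.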