HYAS Insight continues to be instrumental to organizations wanting to understand the adversary infrastructure that is behind cyber fraud and security incidents. We are pleased to announce the availability of HYAS Insight 1.3 to further boost analyst productivity. While this release includes a number of new features, I wanted to focus on three new features that will be of particular interest: malware detonation, command & control attribution, and tagging.
Malware Detonation and Analysis
A significant tool on the analyst workbench is malware detonation and analysis. Malware analysis allows you to understand what actions a malware threat takes in a system. By detonating malware and analyzing what happens in a sandboxed environment, you can easily collect all the information about the created files, network connections, changes in the registry, and so forth. HYAS Insight malware detonation supports static & dynamic analysis, performs configuration parsing and memory analysis. While HYAS has a particular interest in understanding the network traffic to command and control (C2) infrastructure given our focus on adversary infrastructure, HYAS Insight customers may want to understand more details about malware behavior. Analysts and researchers can now get those malware details with HYAS Insight 1.3.
HYAS Insight 1.3 includes the ability to detonate malware and receive the resulting report analyzing the malware. HYAS Insight provides a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment. HYAS Insight can analyze many different malicious files (executables, office documents, pdf files, emails, etc) as well as maliious websites under Windows 7 and 10 virtualized environments.
HYAS Insight customers uploading malware samples for analysis receive a detailed malware analysis report to accelerate their investigations (see above report).
Command & Control Attribution
Investigators using HYAS Insight frequently want to understand the threat groups behind the command & control (C2) infrastructure. Knowledge of C2 infrastructure allows an investigator to understand whether you are specifically targeted in an attack or simply encountering a spray-and-pray episode where you got indiscriminately attacked. Understanding the C2 infrastructure also opens up another avenue to proactively stop attacks before they cause damage.
HYAS Insight now provides C2 attribution to understand C2 infrastructure and help distinguish between a targeted attack and script kiddies launching indiscriminate attacks. HYAS Insight 1.3 helps analysts to understand who is conducting the attack and where attacks were conducted in the past so you can avoid an attack campaign or minimize the blast radius.
C2 attribution also provides visibility into fraud and credential stuffing attacks for organizations with many consumers. For example, financial institutions and consumer brands with many customers want to understand if their customers are being subjected to attacks to harvest credentials and takeover accounts that might try to drain those customer accounts. While you might have a good understanding of what is happening inside of your environment, understanding attacks affecting your customers is more problematic. HYAS Insight C2 attribution helps organizations to avoid credential stuffing attacks affecting their customers by pinpointing the attacker campaign infrastructure so the attack can be proactively mitigated.
Context
HYAS Insight 1.3 also provides more context around domains, IPs, and hashes (MD5, SHA1, SHA256) by following the AlienVault link in their HYAS Insight landing page. This helps analysts better understand context and accelerate investigations. HYAS Insight uses AlienVault OTX pulses to help provide more information around artifacts that may have not been previously known.
Want to learn more?
Enjoy speeding your threat and fraud investigations with HYAS Insight 1.3! To learn more about HYAS Insight and how it can help you to speed investigations and improve analyst productivity, please request a demo (we LOVE giving demos!).
