Kaspersky Launches Threat Attribution Engine to Automate Malware Identification

By Enterprise Security Magazine | Tuesday, July 28, 2020

Kaspersky has launched a new threat intelligence solution that helps SOC analysts and incident responders attribute malware samples to known APT groups.

FREMONT, CA: Kaspersky has launched a new threat intelligence solution that helps SOC analysts and incident responders link malware samples to previously identified APT groups. Using a proprietary method, the Kaspersky Threat Attribution Engine matches a newly identified malicious sample against one of the largest malware databases in the industry and, based on code similarities, links it to a particular APT group or campaign. This information lets security teams prioritize high-risk threats over less significant incidents.

Knowing early who is behind an attack makes it easier for security teams to settle on a response strategy quickly. Revealing the actor behind an attack is difficult, however: it requires a large body of collected threat intelligence (TI) and the expertise to interpret it. Kaspersky has launched the Kaspersky Threat Attribution Engine to automate the identification and classification of sophisticated malware.

To determine whether a threat is connected to a known APT group or campaign, and to which one, the Kaspersky Threat Attribution Engine automatically breaks a newly identified malicious file into small binary fragments and compares them with fragments drawn from Kaspersky's collection of more than 60,000 APT-related files. For more precise provenance, the solution also incorporates an extensive database of whitelisted files, so that code the sample shares with legitimate software is not mistaken for a link to an APT group. The system can considerably improve the quality of malware triage and damage assessment, and it speeds up incident response.
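The following is an added illustrative example of the fragment-matching idea described above. It is not Kaspersky's code and does not reproduce the company's proprietary procedure; the fragment size, the hashing, the scoring formula, the family names ("APT-Alpha", "APT-Beta") and the sample byte strings are all assumptions constructed for this demonstration. It shows why the whitelist of benign files matters: a runtime stub shared by every binary would otherwise produce a false match against an unrelated family.

```python
"""Illustrative fragment-based code-similarity attribution (added example,
not Kaspersky's implementation). All corpus data below is constructed."""
import hashlib
import random
from collections import defaultdict

FRAG_SIZE = 16  # bytes per fragment window (assumed value, chosen for the demo)


def fragments(data: bytes, size: int = FRAG_SIZE) -> set:
    """Hash every overlapping `size`-byte window of `data`.

    Overlapping windows keep the match independent of where inside a
    function or data blob a shared fragment happens to start.
    """
    if len(data) < size:
        return set()
    return {hashlib.sha256(data[i:i + size]).hexdigest()
            for i in range(len(data) - size + 1)}


class AttributionIndex:
    """Fragment index over known APT samples, minus whitelisted (benign) code."""

    def __init__(self, benign_files=()):
        self.allowlist = set()
        for data in benign_files:
            self.allowlist |= fragments(data)
        self.families = defaultdict(set)  # family name -> distinctive fragments

    def add_sample(self, family: str, data: bytes) -> None:
        # Fragments that also occur in benign files carry no attribution signal.
        self.families[family] |= fragments(data) - self.allowlist

    def attribute(self, data: bytes, min_shared: int = 3):
        """Return [(family, shared_fragment_count, score)] sorted by score.

        score = fraction of the unknown sample's distinctive fragments that
        also appear in the family's corpus (assumed scoring, for the demo).
        """
        unknown = fragments(data) - self.allowlist
        if not unknown:  # sample is entirely whitelisted code: nothing to attribute
            return []
        hits = []
        for family, known in self.families.items():
            shared = len(unknown & known)
            if shared >= min_shared:
                hits.append((family, shared, shared / len(unknown)))
        hits.sort(key=lambda h: (-h[2], h[0]))
        return hits


def _pseudo_code(seed: int, n: int) -> bytes:
    """Deterministic filler standing in for machine code (constructed, not real)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed corpus: every binary links the same runtime stub; each family
# then carries its own distinctive code. Family names are hypothetical.
RUNTIME_STUB = _pseudo_code(1, 128)
FAMILY_A_CODE = _pseudo_code(2, 256)
FAMILY_B_CODE = _pseudo_code(3, 256)
BENIGN_TOOL = RUNTIME_STUB + _pseudo_code(4, 64)
KNOWN_SAMPLES = {
    "APT-Alpha": RUNTIME_STUB + FAMILY_A_CODE,
    "APT-Beta": RUNTIME_STUB + FAMILY_B_CODE,
}
# Unknown sample: the runtime stub, half of Alpha's code, then new unseen code.
UNKNOWN_SAMPLE = RUNTIME_STUB + FAMILY_A_CODE[:128] + _pseudo_code(5, 100)


def build_index(use_allowlist: bool = True) -> AttributionIndex:
    index = AttributionIndex(benign_files=[BENIGN_TOOL] if use_allowlist else [])
    for family, data in KNOWN_SAMPLES.items():
        index.add_sample(family, data)
    return index


def demo(use_allowlist: bool = True):
    """Attribute UNKNOWN_SAMPLE with or without the benign-file whitelist."""
    return build_index(use_allowlist).attribute(UNKNOWN_SAMPLE)


if __name__ == "__main__":
    for flag in (False, True):
        print(f"whitelist={flag}:")
        for family, shared, score in demo(flag):
            print(f"  {family:10s} shared={shared:4d} score={score:.2f}")
```

Without the whitelist, the 113 windows that lie entirely inside the shared runtime stub count as "shared code" with both families, so APT-Beta appears as a match even though the sample contains none of its code; with the whitelist those windows are discarded and only APT-Alpha remains. A production engine would additionally normalize relocations and compiler-generated boilerplate and work on function-level rather than raw byte-window features; the fixed 16-byte window here is deliberately simple.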

Costin Raiu, Director of the Global Research & Analysis Team at Kaspersky, commented: “There are several ways to reveal who is behind an attack. For example, analysts can rely on artifacts in the malware, which can determine the attacker’s native language, or IP addresses that suggest where they might be located. However, it is not a problem for a skilled attacker to manipulate these, leading a researcher to become bogged down in an investigation, as we have already seen in many cases. Our experience shows that the best way is to look for shared code that the samples have in common with others identified in previous incidents or campaigns. Unfortunately, such manual investigation may take days or even months. To automate and speed up this task, we created Kaspersky Threat Attribution Engine, which is now available for the company’s customers.”
