Emerging Threats//
CrazyHunter Ransomware
CrazyHunter is a ransomware campaign targeting healthcare that weakens endpoint defenses and escalates privileges before encrypting systems at scale.
Cyborg Security
, a pioneer in threat hunting, today announced a new threat hunting content platform that will help businesses grapple with the exponential rise in cyber threats that strike their IT assets and maximize the value of their existing security controls. Cyborg Security’s HUNTER platform has been developed by a world class team of threat hunting experts to deliver advanced threat hunting and detection content, empowering organizations to move beyond reactive security, to proactive threat hunting. The platform provides advanced and contextualized threat hunting and detection packages containing behaviorally based threat hunting content, threat emulation, and detailed runbooks, supplying organizations what they need to evolve their security analysts into skilled hunters. Every HUNTER package is developed by dedicated threat researchers from malware analysis and incident investigations and is combined with unprecedented contextualization derived from cutting edge threat intelligence. HUNTER content can be deployed using a proprietary patent-pending technology that tailors the hunting and detection packages to an organization’s unique environment and existing security toolsets. The platform offers organizations a rigorous, repeatable, and sustainable path to maturing their threat hunting practices without breaking the bank. “There’s no denying businesses face an increasing volume of threats, and that many of them recognize the importance of creating threat hunting teams as part of their Security Operation Center (SOC),” said Dave Amsler, CEO and Founder, Cyborg Security. “However, aggressively hunting threats and curating threat content has historically been expensive and, because it’s an emerging area, organizations have lacked the expertise and talent to support that function.” Threat hunting is still nascent: according to a SANS Institute study, less than 30 percent of organizations believe they have a mature threat hunting program; however, more than 70 percent of organizations have threat hunting programs, indicating that many organizations are not doing threat hunting effectively and don’t have the resources to mature their existing programs. “Cyborg Security aims to solve the biggest security challenges facing businesses. Amongst those challenges is an increase in inbound noise, a lack of threat hunting talent, and insufficient context and information to respond to threats. The HUNTER platform seeks to solve those challenges by delivering advanced and highly targeted hunt packages capable of proactively detecting even the most advanced adversaries’ actions, while giving hunters and analysts the context and accuracy needed to take action,” Amsler said. Founded in 2019, Cyborg Security aims to disrupt the traditional threat hunt process and help remove the barriers to advanced threat hunting. Traditionally, organizations have adopted technologies and tools that are only able to identify the most obvious of threats. One of the challenges continues to be an overemphasis on the capabilities of artificial intelligence (AI) to detect advanced adversaries.
By blending proprietary intelligence technology with human insight and analysis, the HUNTER platform reverses reactive security processes, turning analysts into hunters and making businesses aggressors against bad actors. Benefits of the platform include:
- Realize Return on Investment. The HUNTER platform enables organizations to immediately develop or mature their threat hunting teams by providing turnkey hunting and detection packages, empowering organizations to seamlessly detect malicious and anomalous activity in their environment.
- Reduce Level of Effort. The HUNTER platform delivers tested, validated, and optimized hunt and detection packages, and uses automated mapping to deliver tailored content, reducing or eliminating the costly development or re-engineering effort.
- Enrich Analyst Talent. Leveraging the HUNTER platform, even mid-tier analysts can complete advanced threat hunting in an environment.
Threat Hunting for More Than the Top One Percent
To date, threat hunting has only been done effectively by the top one percent of cybersecurity organizations. It is not a one-time process and takes extensive effort, resources, and money to do it effectively. The HUNTER platform eliminates those challenges, delivering functionality such as:
Search and Discovery. All HUNTER content utilizes the MITRE ATT&CK framework, Cyber Kill Chain and the Diamond Model, as well as filtering by contextualized tagging including malware, threat actors, target industries and regions. Threat Hunt and Detection Packages. The contextualized and enriched content is based on emerging and advanced threat actor techniques. All packages contain living content, which undergoes continuous reviews to ensure accuracy and validity. Included each of the packages are detailed hunt plans, including runbooks and suggested remediation. ensuring that analysts can complete rigorous and repeatable hunts. Automated Mapping. Packages are compatible with most security analysis platforms and are mapped to the customer’s unique environment including fields, indexes, and source types. All content can also be manipulated to provide a feedback loop ensuring ongoing compatibility. Threat Feed. HUNTER includes exclusive access to the SIGNS Threat Feed, which uses a decay model to ensure indicators are relevant and actionable.
The Cyborg ecosystem includes partners in
security information and event management (SIEM)
, endpoint detection and response (EDR), and security orchestration, automation, and response (SOAR). For more information on the HUNTER platform, visit:
cyborgsec3.wpengine.com
.