Archive for HYAS

HYAS Infosec Wins Best Threat Intelligence Technology at the 2024 SC Awards

Posted in Commentary on September 19, 2024 by itnerd

 HYAS Infosec has announced its recognition as the Best Threat Intelligence Technology winner at the prestigious 2024 SC Awards. This award underscores HYAS Infosec’s unwavering commitment to innovation, leadership, and excellence in the cybersecurity industry.

Now in its 27th year, the SC Awards recognize top-performing solutions, organizations, and individuals for outstanding contributions to information security. With 33 categories this year, the awards celebrated both established leaders and emerging disruptors across the cybersecurity landscape.

The HYAS Insight threat intelligence solution stood out in a highly competitive category, showcasing its ability to address the evolving threat landscape through unparalleled infrastructure intelligence. The solution focuses on “VRA,” or Verdicts, Related Infrastructure, and Actor Attribution, which enables clients to be proactive against fraud and other threats they face. The win emphasizes HYAS Infosec’s dedication to providing practical, actionable solutions for efficient business outcomes that address today’s most complicated and complex cyber issues.

The SC Awards, hosted by SC Media, are judged by a panel of independent experts. Winners are selected based on their impact on cybersecurity, their capacity for innovation, and their effectiveness in addressing key industry challenges.

Throughout September, the SC Media editorial team will spotlight HYAS Infosec with exclusive interviews, video discussions, and a featured profile on the SC Media website, as well as promotion across LinkedIn and Twitter. To see the full list of this year’s SC Awards winners, visit the SC Awards page: https://www.scmagazine.com/sc-awards.

HYAS Infosec Integrates With ConnectWise Through Invent Program

Posted in Commentary on September 18, 2024 by itnerd

HYAS Infosec today announced the completion of all necessary security certifications as required by ConnectWise, the world’s leading software company dedicated to the success of Managed Service Providers (MSPs). To directly integrate with ConnectWise APIs and platform through Invent, integrators must pass an independent security review that ensures their integration is safe and secure. 

This collaboration through the ConnectWise Invent program will enable MSPs to address critical market challenges head-on with an award-winning and leading cyber-resiliency solution with proven correctness. Protective DNS is now recommended by CISA and the NSA and is becoming an integral part of multiple standards being deployed around the world to address the onslaught of continual new cyber-attacks that evade traditional detection. By embedding and integrating HYAS Protect into the ConnectWise ecosystem, MSPs will benefit from a more comprehensive and complete security posture, effectively mitigating cyber threats and operational risks.

The ConnectWise Invent program is a robust and secure integration program for MSPs seeking to merge their solutions with groundbreaking software from ConnectWise. The program strives to support MSPs globally in growing their businesses by harnessing the power of innovative technologies and by fostering mutual productivity, including Tier 1 integration support from ConnectWise. 

For more information on HYAS Infosec visit: https://marketplace.connectwise.com/vendors/hyas-infosec/hyas-protect/

HYAS Infosec Celebrated for Excellence in Innovation and Cybersecurity at 2024 Visionary Spotlight Awards

Posted in Commentary on July 17, 2024 by itnerd

HYAS Infosec is proud to announce its recognition as a recipient of the 2024 ChannelVision Magazine Visionary Spotlight Awards, winning in both the Top Innovation Award 2024 (Overall Excellence) and Cybersecurity (Business Technology) categories.

The Visionary Spotlight Awards (VSA) are an annual competition that celebrates excellence in channel and service provider innovation within the communications industry. This year, editors from Beka Business Media, along with a distinguished panel of judges from independent industry resources, evaluated hundreds of applications based on criteria such as overall innovation, future industry impact, creativity, feature set differentiation, ease of use, and interoperability.

HYAS Infosec was commended for its rapid innovation and substantial impact within the communications industry. The company’s advanced threat intelligence and protective DNS solutions, HYAS Insight and HYAS Protect, empower organizations to proactively defend their networks, and provide resiliency even in the event of a breach by ensuring that the breach does not result in a successful attack causing damage. By revealing, tracking, and attributing adversary infrastructure, HYAS enables channel partners to enhance their roles as trusted advisors in achieving business success by ensuring that their clients are properly protected with today’s most advanced solutions.

These award-winning solutions not only bolster organizational security but also provide significant advantages to channel partners. HYAS Insight and HYAS Protect offer scalable, easy-to-deploy technologies that integrate seamlessly into any existing security framework. By leveraging HYAS’s innovative solutions, channel partners can deliver enhanced security services to their clients, differentiate their offerings, expand their service portfolios, and drive new revenue streams. Additionally, the proactive nature of HYAS’s solutions helps reduce the incidence and impact of security breaches, and speeds the closure of open cases by three times or more, leading to increased client satisfaction and long-term trust.

The full list of ChannelVision’s 2024 Visionary Spotlight Award winners can be viewed online here. For more information about HYAS Infosec and its award-winning solutions, please visit HYAS.com.

HYAS Insight – New Threat Intel Visualization, Intuitive UX, Support for RiskIQ EOL

Posted in Commentary on June 24, 2024 by itnerd

HYAS Infosec today announced a new edition of HYAS Insight. The award-winning threat intelligence solution is used worldwide by law enforcement and Fortune 500 enterprise clients alike who benefit from the solution’s unprecedented visibility into the origins of attacks, the campaign infrastructure being used, and the resources likely to be used against them in the future.

As the industry expert in infrastructure intelligence, HYAS leverages a proprietary “VRA” analytics capability to provide organizations with superior real-time intelligence on Verdicts, Related Infrastructure, and Actors. HYAS Insight clients leverage VRA to better answer the critical cybersecurity questions about “what happened” and proactively mitigate the threat of future attacks with unmatched speed and effectiveness.  

Additionally, HYAS Insight’s Malware Infrastructure dashboard now delivers timely, graphically presented insights into the hundreds of thousands of individual malware samples that HYAS detonates daily. This capability offers unparalleled visibility into the current state of malware globally, enabling organizations to identify and track trends, gather more information, and gain better visibility into the threat landscape.

HYAS’s Malware Infrastructure intelligence also includes a newly expanded set of domains and IPs representing malware command and control (C2), and new visualization that shows distribution of top C2 intelligence by country. Threat hunters and fraud investigators now get one-click visibility into the regions and resources through which threat actors actively push exploits. These new capabilities make it easy for security and fraud teams to see the most pertinent information and immediately drill down. And HYAS Insight’s free Intel Feed makes consuming the latest malware infrastructure intelligence a snap, without worrying about budget, the procurement process, or red tape.

A Preferred Alternative for RiskIQ Users

With RiskIQ’s partial integration into Microsoft Defender and impending end-of-life for its standalone features, organizations searching for a suitable alternative to a comprehensive infrastructure intelligence platform find HYAS Insight an exceptional replacement solution. New users will immediately benefit from comprehensive threat intelligence, real-time analytics, seamless integration, and an intuitive user interface. 

HYAS Insight upgrades deliver:

  • Broader Data Coverage: HYAS Insight’s diverse data sources provide a more detailed and accurate view of potential threats.
  • Independent Operation: Unlike RiskIQ, HYAS Insight doesn’t require integration with Microsoft Defender TI Premium, and integrates out of the box with various leading visualization, TIP, SIEM, and SOAR solutions, offering greater flexibility.
  • Future-Proof Investment: HYAS Insight is dedicated to continuous improvement, ensuring it keeps up with emerging cybersecurity challenges.

HYAS Experts Warn Of Active Remcos RAT Campaign

Posted in Commentary on June 3, 2024 by itnerd

Examining the trove of data exposed in Autonomous System Numbers (ASNs) can identify and mitigate complex malware campaigns in novel ways. Using this technique, HYAS has just published “Tracking An Active Remcos Malware Campaign.”

Remcos is a commercially available application used for remotely controlling Windows computers. When used covertly, it operates as a fully functional remote access trojan, able to monitor keystrokes, exfiltrate data, passwords, or screenshots, and monitor cameras.

The campaign HYAS is tracking began on May 14, 2024, and is operated out of Maiduguri, Nigeria. Recent malware detonations have indicated Remcos C2 communication with two domains, taker202.ddns[.]net (port 3017) and taker202.duckdns[.]org (port 5033). Both domains resolve to Lithuania, and are hosted on the ISP “Silent Connection Ltd”.

The report details the threat actor’s use of dynamic DNS services (DDNS and DuckDNS) for Command and Control (C2) communications which — combined with hosting on a Lithuanian ISP — obfuscates the true origin of the attack and also leverages international resources to evade localized law enforcement. The use of DDNS allows for rapid changes in IP addresses, complicating traditional IP-based blocking and tracking methods.

HYAS’ report provides real-time tracking and attribution, the impacts and risks of Remcos, and detection and removal recommendations.

About HYAS’ Novel Research Process: ASNs are unique identifiers of networks participating in the global routing system, and can offer insight into the infrastructure threat actors are using. HYAS collects IOCs such as IP addresses, domain names, file hashes, and other artifacts associated with a suspected malware campaign and uses specialized tools, databases, and techniques to map the collected IP addresses to their corresponding ASNs. This enumeration helps ID the ownership and affiliations of networks involved in the campaign. HYAS then:

  • identifies the origins of malicious traffic, 
  • pinpoints hosting providers associated with malware distribution, 
  • surfaces and traces connections between threats and entities that otherwise seem unaffiliated, and 
  • attributes malware campaigns to specific threat actors or groups, to defend against active campaigns and thwart future ones.
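
The IP-to-ASN mapping and clustering step described above, sketched as an added example (not code from HYAS or from the original post). The prefix table, private-use ASNs, network names, domains and IPs are all constructed, and the function names are hypothetical; a real pipeline would load routing data from a BGP- or RIR-derived dataset.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix-to-ASN table: documentation prefixes, private-use ASNs.
PREFIX_TO_ASN = {
    "192.0.2.0/24": (64512, "EXAMPLE-HOSTING-A"),
    "198.51.100.0/24": (64513, "EXAMPLE-ISP-B"),
    "198.51.100.128/25": (64514, "EXAMPLE-RESELLER-C"),  # more-specific route
    "203.0.113.0/24": (64515, "EXAMPLE-CLOUD-D"),
}

# Constructed IOCs: (domain, resolved IP) pairs from a hypothetical campaign.
IOCS = [
    ("c2-a.example.net", "198.51.100.200"),
    ("c2-b.example.org", "198.51.100.201"),
    ("drop.example.com", "192.0.2.15"),
    ("c2-c.example.net", "198.51.100.77"),
    ("unrouted.example", "10.9.8.7"),
]

# Most-specific prefixes first, so the first hit is the longest-prefix match.
_ROUTES = sorted(
    ((ipaddress.ip_network(p), asn, name)
     for p, (asn, name) in PREFIX_TO_ASN.items()),
    key=lambda r: r[0].prefixlen, reverse=True)


def ip_to_asn(ip):
    """Return (asn, name) for the most specific covering prefix, else None."""
    addr = ipaddress.ip_address(ip)
    for net, asn, name in _ROUTES:
        if addr in net:
            return asn, name
    return None


def cluster_by_asn(iocs):
    """Group indicators by origin ASN; unmapped indicators go under None."""
    clusters = defaultdict(list)
    for domain, ip in iocs:
        hit = ip_to_asn(ip)
        clusters[hit[0] if hit else None].append((domain, ip))
    return dict(clusters)


def rank_asns(iocs):
    """ASNs ordered by indicator count (ties by ASN), unmapped excluded."""
    ranked = [(asn, len(v)) for asn, v in cluster_by_asn(iocs).items()
              if asn is not None]
    return sorted(ranked, key=lambda x: (-x[1], x[0]))


if __name__ == "__main__":
    for asn, count in rank_asns(IOCS):
        print(f"AS{asn}: {count} indicator(s)")
```

Domains under unrelated TLDs that land in the same ASN cluster are the kind of link that is invisible when indicators are reviewed one at a time, and the longest-prefix match keeps a reseller's more-specific announcement from being credited to its upstream.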

HYAS Infosec and Carahsoft Partner To Bring Protective DNS And Advanced Adversary Infrastructure Insight to The Public Sector

Posted in Commentary on May 14, 2024 by itnerd

HYAS Infosec, an adversary infrastructure platform provider that offers unparalleled visibility, protection and security against all kinds of malware and attacks, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced a partnership. Under the agreement, Carahsoft will serve as HYAS’ Master Government Aggregator®, bringing the company’s industry leading HYAS Protect protective Domain Name System (DNS) and HYAS Insight threat intelligence and investigation platforms to the Public Sector through Carahsoft’s reseller partners and NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), National Association of State Procurement Officials (NASPO) ValuePoint and OMNIA Partners contracts.

HYAS solutions help Government agencies align to DNS security requirements set forth by Cybersecurity Infrastructure Security Agency (CISA), National Security Agency (NSA) and Department of Defense (DoD). Considered a “must-have” by CISA and the NSA, Protective DNS is an essential component of the Public Sector’s security posture, as well as a critical element of the Cybersecurity Model Maturity Certification (CMMC) framework.

Globally recognized independent research institute AV-TEST GmbH tested HYAS Protect and found it provides exceptionally high levels of cybersecurity protection. The solution leverages intelligence and data derived from the HYAS Adversary Infrastructure Platform to uniquely analyze and correlate data points together for increased efficacy and deeper insights.

HYAS solutions include its award-winning HYAS Insight threat intelligence and investigation platform and HYAS Protect Protective DNS solution, available through Carahsoft’s SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042, NASPO ValuePoint Master Agreement #AR2472 and OMNIA Partners Contract #R191902. For more information, please contact the Carahsoft Team at (703) 871-8548 or HYAS@carahsoft.com; or visit the Carahsoft HYAS webpage to learn more about HYAS’ solutions.

HYAS Documents Risepro Stealer Malware C2 Campaign 

Posted in Commentary on April 22, 2024 by itnerd

David Brunsdon, Threat Intelligence Security Engineer with HYAS, has published “Risepro Malware Campaign On The Rise.”

Brunsdon says: “we saw a surge in activity related to the Risepro malware, particularly targeting IP address 147.45.47.93 – its C2 ‘mother ship.’ This signifies a concerning development in the cyber threat landscape, as Risepro, akin to StealC, is a notorious form of stealer malware designed to exfiltrate sensitive information from compromised systems.”

The HYAS threat analysis provides an in-depth understanding of the Risepro malware campaign based on the provided information, focusing on the actor’s tactics, techniques, and procedures (TTPs). It includes a risk assessment of data compromise, operational disruption and IP theft, and offers mitigation strategies.

Today’s HYAS Threat Intelligence Report also notes the top five ASNs identified in HYAS Insight this last week.

You can read the analysis here.

HYAS & ZainTECH Enter Strategic Cyber Security Partnership

Posted in Commentary on April 16, 2024 by itnerd

ZainTECH, the integrated digital solutions provider of Zain Group, and HYAS Infosec, the adversary infrastructure platform provider that offers unparalleled visibility, protection, and security against all kinds of malware and attacks, have entered into a strategic partnership to bring HYAS’ award-winning and industry leading Protect solution to various countries across the Middle East.

ZainTECH already provides modern infrastructure solutions within its extensive portfolio of digital transformational solutions. This agreement comes at an opportune time given the criticality of Protective DNS solutions worldwide and the current cyber security initiatives across the entire Middle East region.

Together, ZainTECH and HYAS will deliver cyber resiliency across the Middle East, expanding zero-trust models past the network perimeter. Many Gulf organizations are forging their cybersecurity journeys, and the implementation of mature cyber resiliency and zero-trust models is expected to grow rapidly in the coming years. ZainTECH’s clients will benefit immediately from the partnership with HYAS and the implementation of these capabilities, ensuring not just superior protection today but a long-term partnership capable of new levels of protection and resiliency across the entire business spectrum.

As part of a zero-trust strategy, HYAS Protect safeguards organizations regardless of how attackers change their techniques, tactics, vectors, and entry points, and has been independently proven by AV-TEST to be the most effective Protective DNS solution available today. HYAS Protect integrates seamlessly with various security components including EDR solutions such as Microsoft Defender for Endpoint (MDE) and others, and can be deployed within minutes. HYAS is closely aligned with Microsoft as a member of the Microsoft Intelligent Security Association and is backed by M12, Microsoft’s venture capital fund, as well as S3 Ventures, and other venture capital firms.

HYAS Latest Threat Intel Report Is Out

Posted in Commentary on April 15, 2024 by itnerd

HYAS has just published the HYAS Threat Intel Report for April 15, 2024, a deep examination of the Amadey malware family which has been increasingly active, targeting SMBs and enterprises.

David Brunsdon, Threat Intelligence Security Engineer with HYAS, said: “The threat posed by the Amadey malware family looms large, targeting individuals, businesses, and organizations across sectors with sophisticated tactics aimed at stealing sensitive information, compromising systems, and wreaking havoc. 

“We look at the intricacies of the Amadey malware family, exploring its modular architecture, propagation methods, malicious techniques, notable campaigns, and the entities it targets. By dissecting the inner workings of this pervasive threat and providing actionable insights, we hope to better equip cybersecurity professionals, organizations, and individuals with the knowledge needed to bolster their defenses and mitigate the risks posed by Amadey and similar malware variants.”

Amadey is a malware family recognized as a Remote Access Trojan (RAT) generally used in reconnaissance operations for keylogging, credential theft and data exfiltration. Past campaigns using this malware family have been known to target non-Russian-speaking countries.

You can read the Threat Intel Report here.

Even Well-Run Networks Can Be Malware Vectors Says HYAS

Posted in Commentary on April 2, 2024 by itnerd

The Weekly Threat Intelligence Report from David Brunsdon, Threat Intelligence Security Engineer with HYAS, is a (curated) analysis of what the threat intel team has seen within the HYAS Insight threat intelligence and investigation platform this past week and deemed the most significant to report externally. It names the most prominent malware families active over the last week, as well as the top C2-generating locations worldwide for the week. 

Analysis by Adam Lopez, Director of Solutions Engineering at HYAS:

   “Reviewing the top ASNs and malware origins generating C2 communications reveals involvement of ISPs from South Korea (AS9318), Italy (AS8968), the UK (AS216309 and AS216319), and Japan (AS7684), which underscores the global nature of cybersecurity threats. Malware does not discriminate by geography, affecting ISPs worldwide, indicating the pervasive risk across different network infrastructures. A recurring theme is the presence of malware activity despite the ISPs’ reputations for quality service. 

   “This suggests that even well-managed networks can become vectors for malware dissemination, highlighting the importance of constant vigilance, sophisticated monitoring, and robust security protocols to detect and mitigate threats. 

   “The identification of specific malware families (Amadey, Redline, Urelas, Sality, Stealc) indicates a range of cyber threats, from information stealers to polymorphic viruses, showcasing the complexity and adaptability of cyber adversaries. The diversity of these threats necessitates a multifaceted security approach, combining technical, procedural, and educational strategies to counteract them effectively.”

The full HYAS Threat Intel Report April 1, 2024, is linked above and is very much worth reading.