Archive for HYAS

HYAS Launches Free Intelligence Feed

Posted in Commentary with tags on April 1, 2024 by itnerd

HYAS Infosec, the adversary infrastructure platform provider that offers unparalleled visibility, protection, and security against all kinds of malware and attacks, today announced the launch of its free HYAS Insight Intel Feed.

HYAS leverages data from diverse authoritative sources, including exclusive, private, and commercial datasets, to provide organizations with unparalleled insights into emerging threats. By offering this invaluable resource at no cost, HYAS aims to empower security teams to detect, mitigate, and better defend against cyber threats and safeguard organizational assets.

Bridging the Threat Intel Gap

Unlike conventional intelligence feeds, which often lack context and actionable insights, the intelligence generated by the HYAS Adversary Infrastructure Platform delivers concentrated and actionable intelligence on specific malware families and associated infrastructure. This unique approach enables security operations centers (SOCs), cyber threat intelligence (CTI) teams, and fraud investigation units to readily identify and respond to emerging threats effectively.

The HYAS Insight Intel Feed incorporates information on IP addresses, domains, and other forms of infrastructure leveraged by threat actors to orchestrate malicious activities. By providing timely and relevant insights into exploited infrastructure, HYAS enables organizations to enhance their security posture and proactively mitigate risks. HYAS ensures the continual validation, prioritization, and enrichment of its free intelligence feed, providing users with timely and proactive insights to bolster organizational security effectively.

Driving Operational Excellence

The free HYAS Insight Intel Feed caters to a wide range of use cases, including:

  • Intelligence enrichment and improved context for SOAR, TIP, and threat intel management programs
  • Real-time IOC/observables for detection and blocklisting
  • SIEM event correlation and analysis
  • Improves SOC teams’ triage process, incident response, and threat hunting
  • Provides cyber threat intelligence (CTI) teams previously unavailable insight and analysis
  • Gives fraud teams meaningful, powerful new investigative abilities 

Register for the Feed

Access the free HYAS Insight Intel Feed
 

HYAS Threat Intel Report Is Now Out

Posted in Commentary with tags on March 25, 2024 by itnerd

HYAS Infosec has just issued the Threat Intel Report March 25 2024, in which HYAS Threat Intelligence Security Engineer David Brunsdon details:

  • Top ASNs Under Observation
  • The most active malware families during the week that’s just ended.

The Report includes specific details on each ASN, including organizational description and location, recent activity, organization type (hosting, ISP, telco) and recommendations for protecting organizations.

For the Top Malware Families Under Observation, the report provides descriptions of each threat, recent activities, specific risks and potential impacts, and recommendations for mitigation and tightening security posture against the threat.

HYAS Publishes New Data On Malware Communications And The Top Malware Families

Posted in Commentary with tags on March 21, 2024 by itnerd

HYAS has published new data on malware communications and the top malware families currently in use. 

The published data includes the Top Five Malware Destinations (i.e. geographic locations and destinations for malware communication from their detonations) during the week of March 10-16, 2024. This data is derived from the HYAS Insight platform, which identifies, tracks, and attributes fraud and attacks rapidly and accurately, pinpointing the origin and current infrastructure employed. A South Korean service provider’s infrastructure was the top destination point of the week.

Of the Top Five Malware Families for the week of March 10-16, 2024, the top was Urelas, a trojan malware that allows hackers to remotely control an infected system. This family of malware often propagates through malicious email attachments and drive-by downloads. It is known to avoid detection by disguising its malicious activities as legitimate system processes. This data is derived from HYAS Protect, a protective DNS solution that combines authoritative knowledge of attacker infrastructure and domain-based intelligence to proactively enforce security and block the command and control (C2) communication used by malware, ransomware, phishing, and other forms of cyber-attacks.

HYAS Partner Program Addition Gives MSPs and MSSPs True Cybersecurity Service Differentiation Without Risk

Posted in Commentary with tags on March 12, 2024 by itnerd

HYAS Infosec, the adversary infrastructure platform provider that offers unparalleled visibility, protection, and security against all kinds of malware and attacks, today announced the latest benefit of the HYAS ONPOINT Program, which lets MSPs, MSSPs and other channel partners offer HYAS Protect, the cybersecurity sector’s top protective DNS solution, to their clients and leverage the HYAS Insight proactive threat intelligence platform – all with unprecedented discounts and without financial risks.

HYAS is dedicated to its partners and the latest program benefit eliminates the fees, barriers, and ongoing commitments that other cybersecurity vendors often demand from their channel partners. Partners joining the HYAS ONPOINT Partner Program and offering HYAS Protect protective DNS as part of their managed service will receive a complimentary 12-month minimum subscription to the HYAS Insight threat intelligence and investigation platform to use in their security stack.

This offer brings immediate value to the internal SOC, incident response and threat analysis teams, and gives sales teams a highly differentiated solution to offer to clients and prospects. Partners will be able to protect clients more effectively and bring complex threat analysis to a close faster and more efficiently. The HYAS ONPOINT Partner Program provides an important new cybersecurity service entry point and revenue expansion opportunity that lets MSSPs and MSPs:

  • Provide exceptional proactive threat and adversary intelligence to identify and stop advanced cyberthreats, across services including managed security, DFIR, MDR, MSOC & others
  • Elevate service offerings, free from financial constraints
  • Add a sticky new revenue stream to service offerings
  • Increase client retention
  • Expand service differentiation without fees, catches, or up-front minimum revenue commitments of any kind.

The HYAS Solution

HYAS is the cybersecurity vendor that offers the unique combination of cybersecurity products that are a benefit to both managed services teams and threat intel teams:

HYAS Insight: This advanced threat intelligence and investigation platform gives organizations the ability to identify, track, and attribute fraud and attacks faster and more efficiently. HYAS Insight provides threat and fraud response teams with unprecedented visibility into everything a defender needs to know about an attack: the origin, current infrastructure being used, alerts when new relevant infrastructure is created, and any infrastructure likely to be used by an adversary in the future.

By analyzing data aggregated from leading private and commercial sources around the world, HYAS identifies suspicious infrastructure likely to be used in attacks — sometimes months before it is even activated. Top Fortune 500 companies rely on HYAS’ exclusive data sources and nontraditional collection mechanism to power their security and fraud investigations.

HYAS Protect: Built on the underpinning technology of HYAS Insight threat intelligence, HYAS Protect is a protective DNS solution that combines authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence to proactively enforce security and block the command and control (C2) communication used by malware, ransomware, phishing, and other forms of cyber-attacks.

Even if an attack has bypassed a network’s perimeter defenses – regardless of how the breach occurred – it still must “beacon out” for instructions, including lateral motion, privilege escalation, data exfiltration, and even encryption. And the need to beacon out to malicious infrastructure, commonly called command-and-control (C2), must be established prior to launching the attack.

HYAS detects and blocks these beaconing requests of nefarious C2 communication, letting users cut off these attacks before they cause harm, whether in an IT or OT environment. If an organization can be alerted to this adversary infrastructure, they can stop an attack before damage can be done and ensure true business resiliency.

HYAS Infosec Research On AI-Generated Malware Contributes to the AI Act And Other AI Policies And Regulations

Posted in Commentary with tags on December 4, 2023 by itnerd

HYAS Infosec is pleased to share that research cited from HYAS Labs, the research arm of HYAS, is being utilized by contributors to and framers of the European Union’s AI Act.

The AI Act is widely viewed as a cornerstone initiative that is helping shape the trajectory of AI governance, with the United States’ policies and considerations soon to follow.

AI Act researchers and framers assert that the Act reflects a specific conception of AI systems, viewing them as non-autonomous statistical software with potential harms primarily stemming from datasets. The researchers view the concept of “intended purpose,” drawing inspiration from product safety principles, as a fitting paradigm and one that has significantly influenced the initial provisions and regulatory approach of the AI Act.

However, these researchers also see a substantial gap in the AI Act concerning AI systems devoid of an intended purpose, a category that encompasses General-Purpose AI Systems (GPAIS) and foundation models.

HYAS’ work on AI-generated malware — specifically, BlackMamba, as well as its more sophisticated and fully autonomous cousin, EyeSpy – is helping advance the understanding of AI systems that are devoid of an intended purpose, including GPAIS and the unique challenges posed by GPAIS to cybersecurity.

HYAS research is proving important for both the development of proposed policies and for the real-world challenges posed by the rising dilemma of fully autonomous and intelligent malware which cannot be solved by policy alone.

HYAS is providing researchers with tangible examples of GPAIS gone rogue. BlackMamba, the proof of concept cited in the research paper “General Purpose AI systems in the AI Act: trying to fit a square peg into a round hole,” by Claire Boine and David Rolnick, exploited a large language model to synthesize polymorphic keylogger functionality on-the-fly and dynamically modified the benign code at runtime — all without any command-and-control infrastructure to deliver or verify the malicious keylogger functionality.

EyeSpy, the more advanced (and more dangerous) proof of concept from HYAS Labs, is a fully autonomous AI-synthesized malware that uses artificial intelligence to make informed decisions to conduct cyberattacks and continuously morph to avoid detection. The challenges posed by an entity such as EyeSpy, capable of autonomously assessing its environment, selecting its target and tactics of choice, strategizing, and self-correcting until successful – all while dynamically evading detection – were highlighted at the recent Cyber Security Expo 2023 in presentations such as “The Red Queen’s Gambit: Cybersecurity Challenges in the Age of AI.”

In response to the nuanced challenges posed by GPAIS, the EU Parliament has proactively proposed provisions within the AI Act to regulate these complex models. The significance of these proposed measures cannot be overstated and will help to further refine the AI Act and sustain its continued usefulness in the dynamic landscape of AI technologies.

Additional Resources:

“General Purpose AI systems in the AI Act: trying to fit a square peg into a round hole” https://www.bu.edu/law/files/2023/09/General-Purpose-AI-systems-in-the-AI-Act.pdf. Paper submitted by Claire Boine, Research Associate at the Artificial and Natural Intelligence Toulouse Institute and in the Accountable AI in a Global Context Research Chair at University of Ottawa, researcher in AI law, and CEO of Successif, and David Rolnick, Assistant Professor in CS at McGill and Co-Founder of Climate Change AI, to WeRobot 2023.

News – European Parliament – The European Union’s AI Act https://www.europarl.europa.eu/news/en/headlines/society/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence

Future of Life Institute “General Purpose – AI and the AI Act” What are general purpose AI systems? Why regulate general purpose AI systems? https://artificialintelligenceact.eu/wp-content/uploads/2022/05/General-Purpose-AI-and-the-AI-Act.pdf

Towards Data Science – “AI-powered Monopolies and the New World Order – How AI’s reliance on data will empower tech giants and reshape the global order” https://towardsdatascience.com/ai-powered-monopolies-and-the-new-world-order-1c56cfc76e7d

“The Red Queen’s Gambit: Cybersecurity Challenges in the Age of AI” presented by Lindsay Thorburn at Cyber Security Expo 2023 https://www.youtube.com/watch?v=Z2GsZHCXc_c

HYAS Blog: “Effective AI Regulation Requires Adaptability and Collaboration” https://www.hyas.com/blog/effective-ai-regulation-requires-adaptability-and-collaboration

HYAS & Cyware Announce That They Are Participants In The Microsoft Security Copilot Partner Private Preview

Posted in Commentary with tags on November 15, 2023 by itnerd

Cyware and HYAS Infosec each today announced their participation in the Microsoft Security Copilot Partner Private Preview.

Cyware was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft. 

HYAS Infosec was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting-edge functionality, and close relationship with Microsoft. 

Cyware is working with Microsoft product teams to help shape Security Copilot product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Security Copilot extensibility. HYAS Infosec is working with Microsoft product teams to help shape Security Copilot product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Security Copilot extensibility. To learn more, read the announcement

Security Copilot is the first AI-powered security product that enables security professionals to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes. It combines an advanced large language model (LLM) with a security-specific model that is informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals.

You can read both companies’ releases here:

Press release – Cyware is a Proud Participant in the Microsoft Security Copilot Partner Private Preview: https://www.businesswire.com/news/home/20231115247824/en/Cyware-is-a-Proud-Participant-in-the-Microsoft-Security-Copilot-Partner-Private-Preview

Press release – HYAS is a Proud Participant in the Microsoft Security Copilot Partner Private Preview: https://www.businesswire.com/news/home/20231115833995/en/HYAS-is-a-Proud-Participant-in-the-Microsoft-Security-Copilot-Partner-Private-Preview

LDI Connect Selects HYAS Advanced Threat Intelligence and Protective DNS 

Posted in Commentary with tags on November 14, 2023 by itnerd

HYAS Infosec and LDI Connect, a leading provider of managed IT, office and security services, today announced LDI’s selection of HYAS as a strategic addition to their cybersecurity services portfolio.

This partnership enables LDI Connect to enhance its clients’ cybersecurity defenses through the advanced protection capabilities of HYAS Protect protective DNS. By combining authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence, HYAS Protect lets LDI Connect proactively enforce security and block adversarial command-and-control (C2) communication, protecting customer organizations against malware, ransomware, phishing, and other forms of cyber attacks.

As early adopters of new and innovative technology, LDI Connect understands the critical role that protective DNS plays in their clients’ cybersecurity stack. Continually looking to improve the effectiveness of the services LDI Connect provides to their clients, the MSP recognized that the HYAS protective DNS solution has the highest efficacy rates in the industry in detecting new, unknown and emerging vulnerabilities. (Source: AV-Test) With HYAS Protect in place, LDI Connect clients gain greater visibility, efficacy and protection in their environments with a solution that integrates into any security architecture.

HYAS Examines Predator Mercenary Mobile Spyware

Posted in Commentary with tags on October 26, 2023 by itnerd

HYAS Research Labs has been following research by Canada’s own CitizenLab and Sekoia on the mercenary spyware “Predator”, made by Cytrox, which was discovered to be targeting an Egyptian former MP (link is to AP story, and is also linked below) who announced a potential run for the presidency. 

HYAS security engineer David Brunsdon investigated the IOCs mentioned in both reports using HYAS Insight and found details that could lead toward threat actor attribution, which he publishes in “Examining Predator Mercenary Spyware”.

The HYAS blog recaps the threat actor’s attack, delves into strategy and, through HYAS Insight, identifies their likely location.

Brunsdon also offers HYAS Recommendations: Individuals concerned about possibly being the target of mercenary spyware should reboot their phones daily, as thus far, it hasn’t been reported that Predator has persistence after reboot. Organizations should strongly consider protective DNS, such as HYAS Protect, which was today named for an InfoSec Innovator Award.

HYAS Blog – Examining Predator Mercenary Spyware: https://www.hyas.com/blog/examining-predator-mercenary-spyware

HYAS EyeSpy POC – First Polymorphic, Intelligent Fully Autonomous AI Malware

Posted in Commentary with tags on August 2, 2023 by itnerd

HYAS Infosec, whose adversary infrastructure platform provides unparalleled visibility, protection and security against all kinds of malware and attacks, today announced their EyeSpy proof-of-concept (PoC), an entirely new type of polymorphic, fully autonomous malware. The malware uses artificial intelligence to make informed decisions and synthesize its capabilities as needed to conduct cyberattacks and continuously morph to avoid detection.

  • EyeSpy reads its target environment, autonomously determines available attack vectors, and generates, tests, and adapts malware until it achieves attack goals.
  • It reasons on its own, picks the best tools and techniques to use in a given moment, then strategizes and executes an attack, assesses and fixes code failures in-memory to align with its changing attack objective, and continuously evades detection.
  • Security Mindsets Analyst Charles Kolodgy said in part: “I have seen EyeSpy demoed. The nightmare scenario where malware can autonomously respond to its environment is reality. With EyeSpy, HYAS is getting into the adversarial mindset on what’s coming in the future and is able to be more predictive on what we’ll be facing.”
  • Todd Graham, Managing Partner, M12 (Microsoft’s venture capital fund), said in part: “There is no doubt this is the next threat landscape and the new theater of war.”

The development of EyeSpy is part of HYAS Infosec’s ongoing research and will ensure that the company’s protection platform extends to the future of malware as well. As part of its continuing research, HYAS recently pioneered AI-synthesized, polymorphic malware with its BlackMamba PoC.

Using the current early versions of generative AI, EyeSpy is capable of:

  1. Selecting its intended victim independently or through a threat actor’s specification
  2. Assessing the target environment, platform, applications and environmental footprint
  3. Identifying optimal vectors to extract information
  4. Writing malware on the fly – for example, if a target is on a specific video conference app, it will compose, test & validate the malware for that app 
  5. Executing the attack
  6. Analyzing the QA result
  7. Self-repair and continued attack iteration until it has achieved the attacker’s goals

EyeSpy catapults HYAS even further into a future where such intelligent, autonomous entities will be part of the cyber warfare landscape. EyeSpy represents a significant milestone in the potential evolution of adversary capabilities. Observers note that EyeSpy malware isn’t merely a program – it is an adaptive entity with evolving strategies, making its class of malware an ever-present, dynamic threat that evades detection.

HYAS Labs threat research is accelerating work on technology capable of remediating this emerging class of AI-synthesized, polymorphic malware both to ensure its award-winning HYAS Protect, HYAS Confront, and HYAS Insight solutions provide the superb protection that the market urgently needs, and also to advance the sector’s understanding of and response to new generations of threats.

Learn more about the EyeSpy PoC.

HYAS Infosec Wins 2023 Fortress Cybersecurity Award

Posted in Commentary with tags on May 31, 2023 by itnerd

The Business Intelligence Group today announced that HYAS Infosec has won the 2023 Fortress Cybersecurity Awards in the Threat Intelligence category. The industry awards program sought to identify and reward the world’s leading companies and products that are working to keep our data and electronic assets safe among a growing threat from hackers.

HYAS Insight is an advanced threat intelligence and investigation solution that gives organizations the ability to identify, track, and attribute fraud and attacks faster and more efficiently. Powered by an unrivaled understanding of attack infrastructure and a proprietary graph database — which aggregates information from commercial and private sources and uncovers the relationships between them — HYAS Insight is able to surface previously inaccessible data as well as the rich context needed to use it.

By analyzing data aggregated from leading private and commercial sources around the world, HYAS identifies infrastructure likely to be used in attacks — sometimes months before it is even activated. Powered by this unmatched understanding of attacker infrastructure and methodology, threat intelligence solution HYAS Insight allows users to investigate, identify, and attribute attacks, helping organizations protect themselves from future threats and gain greater visibility into the nature and types of threats and risks they are facing. Additionally, HYAS Insight easily integrates into the set of tools and solutions that clients utilize today, including leading visualization solutions, TIPs, SIEM, SOAR, and even proprietary solutions via JSON APIs.

For information about HYAS Infosec, please visit https://www.hyas.com/. For information about the annual Fortress Cybersecurity Awards, please visit https://www.bintelligence.com/awards/fortress-cybersecurity-award.