Prevailion has launched ARKTOS, a malware replication platform that allows enterprises to safely test their network security readiness against the world’s most complex malware.
“Precursor attacks are one of the biggest failures in enterprise security today and that’s exactly what ARKTOS is designed for,” said Karim Hijazi, CEO of Prevailion and former community contractor. American intelligence. “Most ransomware infections occur days, weeks or months after the first network breach, so if companies can catch these beacons early and cut off malware access, they can prevent the encryption step. actual attack. ARKTOS replicates malware families like AnchorDNS, used by the Trickbot gang to deploy ransomware, and Nobelium RAT, used by hackers SolarWinds, so businesses have a safe and effective way to test their networks against determined adversaries .
Sophisticated network intrusions often start with a precursor or initial access to malware, like AnchorDNS. Hackers use this early-stage malware to gain a foothold in the network, establish command and control (C2) server communications, and collect information about the target before proceeding to the next stage of the attack – which may include ransomware, spying, IP theft, data deletion or manipulation and other threats.
Even with the best network security and monitoring tools in place, many companies still fail to detect precursor attacks. This leaves the corporate network exposed to malicious activity for weeks or months at a time and increases the risk for the business of sustaining significant damage in the event of a cyberattack.
ARKTOS solves this problem with “Malware Replication Profiles” (MRPs) that are nearly identical to APT and basic malware found in the wild (but with no risk of actual malicious activity). This allows organizations to go beyond the confines of security program audits and vulnerability scans to actually test the ability of their cybersecurity defenses to withstand early-stage attacks.
ARKTOS malware replication profiles are based on the complex network behavior of real APTs and common malware, including:
- C2 endpoints (domains, IPs, etc.)
- Reminder frequency and initiation policy (round-robin, random, triggered by user activity, etc.)
- Communication patterns (transport protocol payload content (i.e. HTTP requests, custom binary protocols)
- Threat descriptions (malware family labels, capabilities, known actors, known hits – i.e. ransomware)
Prevailion replicates the behavior of real APTs and commodity malware with its unique ability to commandeer and reuse the C2s of attackers who control hundreds of unique malware families currently used in cyberattacks around the world. This allows Prevailion to collect large amounts of insider information and performance data on active malware, ranging from criminals to nation-state groups. The company uses this data and the actual C2 infrastructure to safely test an organization’s existing security stack against a real attack scenario.
By collecting real-time telemetry data from the ARKTOS replication engine and monitoring communication with repurposed C2 infrastructure, enterprises can quantify and qualify the readiness and response of their end-to-end security controls. butt for emerging and latent threats. It also allows them to qualify the ability of each stage of a particular threat’s communication to bypass security controls.
ARKTOS has already undergone live enterprise testing and deployments through a previous beta testing program.