What an amazing year it has been for us at Intezer! The company nearly doubled in size, we added several new important features to our Genetic Malware Analysis product: Intezer Analyze, and expanded our client portfolio with the addition of many diverse customers including Fortune 500 companies, cutting edge startups, and elite government agencies. In addition, the number of users leveraging our free community edition doubled from beginning to year end.
I want to thank our community for your continued support. Whether you’re an enterprise customer, using the free community edition for your malware investigations, or sharing our research and other publications on social media, it’s your trust in our solution which has validated our Genetic Malware Analysis technology, and established us as a go-to source for analyzing, responding to, and mitigating cyber threats.
So, to close out the year, I thought you might want to look back at some of our key highlights from 2019:
- Endpoint Analysis:
As I mentioned in an article written for Help Net Security, the nature of modern threats and the existence of fileless malware makes memory analysis a must have skill in the SOC arsenal for endpoint investigation.That’s why in the spring we released our Endpoint Analysis tool. The zero-installation, lightweight scanner analyzes every single piece of code running in your machine: automating the complex memory analysis process on every alert and detecting advanced in-memory threats such as malicious code injections, packed, and fileless malware.
- Supporting more file formats:
We’re committed to expanding our platform by supporting executables from more operating systems and devices, which is why we extended our capabilities to support genetic analysis for Android applications and files created with the Golang programming language. Intezer Analyze now proudly supports genetic analysis for Windows and Linux executables, in addition to Android APK files.
- Endpoint Analysis:
The Year of Linux Threats
In 2019, we saw an increase in Linux threats in the wild, and this is reflected in our blog, with over 20 of our research publications related to Linux threats. Our discoveries included large scale crypto-mining campaigns, botnets, ransomware, and nation-state sponsored threats.
The Antivirus industry continues to be plagued by low detection rates of Linux threats for several reasons, outlined in our blog. Recognizing that nearly 90% of all cloud servers are Linux, Linux threats pose a significant challenge to enterprises in the future, also considering the booming cloud adoption. However, Genetic Malware Analysis has proven itself to detect Linux threats which were previously undetected. This is what makes identifying binary code reuse between software so important for threat detection. As long as you have the attacker’s code indexed, you will be able to detect and classify any future variant that reuses even the smallest portions of code.
Our top performing research posts this year were:
- HiddenWasp Malware Stings Targeted Linux Systems
- How we Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Systems
- Mapping the Connections Inside Russia’s APT Ecosystem
More about Linux threats:
- Why we Should be Paying More Attention to Linux Threats
- [Webinar] Linux Threat Landscape
- HiddenWasp and the Emergence of Linux-based Threats
Speaking at Conferences
Our research and executive teams spoke at the following conferences in 2019, on topics ranging from IoT cyber threats to memory analysis and incident response:
- During Black Hat USA Arsenal, researcher Omri Ben-Bassat revealed his advanced malware tracking framework for reverse engineers
- Researcher Nacho Sanmillan presented his research on the Chinese DDoS threat landscape during Virus Bulletin. To read the accompanying report, please visit our blog.
- VP of Research Ari Eitan participated on an IoT cyber threats and proactive security panel, broadcast live from Cybertech TLV
- Community manager Shaul Holtzman discussed the evolution of the financial cyber threat during a Fintech Week Tel Aviv panel
- At the Forum of Incident Response and Security Teams (FIRST), Ari Eitan explained how the evolutionary nature of software can enable a zero-trust approach for investigating a large volume of alerts. CTO Roy Halevi presented on a similar subject to attendees at Infosec Europe
- In a months long research study conducted with Check Point, we mapped genetic connections between Russian APTs on an unprecedented scale. In total, 22,000 code reuse connections were identified between 2,000 Russian APT samples, in addition to 3.85 million non-unique pieces of code that were shared. We also published two open-source tools which can be used by the infosec community to further investigate Russian-related cyber attacks: Russian APT Map and a Russian APT detector.
- In November, we partnered with IBM Security to uncover PureLocker, a previously undetected ransomware-as-a-service (RaaS) being used in targeted attacks against enterprise production servers and databases.
In 2020, we look forward to strengthening our product offerings and leadership in order to provide Genetic Malware Analysis to more organizations globally. Stay tuned for our upcoming announcement, as we will soon be launching a new and exciting product based on our core technology, which will address a significant challenge faced by enterprises today.
While there is much more work to be done, I’m incredibly proud of the accomplishments our team has made this year, and I wish our readers, customers, and partners a happy holiday season and a happy new year!