DTAG-CTI (Deutsche Telekom – Cyber Threat Intelligence) protects clients against cyber-attacks worldwide, on a scale beyond most companies' capabilities due to the nature of our business.
Like us, the adversaries have cyber-experts. They continuously enhance their malware with stealth and anti-forensics capabilities. This increases our overall risk and also the cost of detection and remediation.
For example, repacked malware strains evade endpoint protection, fast-flux C2 infrastructure slips past SIEM correlation, and code obfuscation frustrates reverse engineering.
We can cope with this in spite of the high cost. However, it all amounts to nothing if, by the time a defense is erected, the attack has reshaped itself and shifted direction again, rendering those defenses obsolete.
We in DTAG-CTI have erected predictive defenses based on malware code similarity. This predictive layer goes beyond network activity, behavior, metadata and other state-of-the-art technologies. We match binaries using Cythereal’s automatically generated YARA rules, unearthing previously unseen strains despite reshuffling, repacking, and other evasions. These predictive defenses nip the malware “in the bud,” before it has had a chance to spread or even to report to its C2.
As an extra value, these early detections also enable early attribution. We learn from the start who is against us and hunt for associations regardless of obfuscated binaries, dissimilar metadata, IOCs, and payloads.
Cythereal recently won multiple of Cyber Defense Magazine’s coveted InfoSec Awards for 2020 during RSA Conference 2020 in San Francisco, California, USA.
“Cythereal’s technology, developed in the USA under millions in DARPA research grant funding and early stage venture capital, seems to take the concept of billions of samples of growing malware threat intel down to tiny bits and bites of family trees, in real-time. This solution actually works to ‘compress time to respond from days and weeks to milliseconds – it’s so impressive, it’s hard to believe…’,” stated Gary Miliefsky, fmDHS, CISSP who was one of the judges in this awards program and is the Publisher of Cyber Defense Magazine.
Together with the professionalism and commitment of our teams and partners, we have found in the expertise, dedication, and engagement of Cythereal a very powerful and astounding ally that brings threat hunting and cyber-defense to a superior level.
About the Author
Lucio Frega is a computer forensic examiner certified by IACIS (International Association of Computer Investigative Specialists). He has over 40 years of worldwide experience in IT/OT security in banks, pharma, telcos and the energy sector. Lucio is not affiliated with Cythereal. His comments and those of the CDM Publisher, Gary Miliefsky, are not to be construed as the official posture of any stakeholder but himself.