Prevailion launched ARKTOS to help businesses combat precursor attacks by creating “Malware Replication Profiles” (MRPs) that are remarkably comparable to APT and commodity malware encountered in the wild, without the risk of real malicious activity. Prevailion enables businesses to assess how effectively their cybersecurity measures will hold up against early-stage attacks beyond the restrictions of security program audits and vulnerability scans.
Prevailion is a world leader in Compromise Breach Monitoring. ARKTOS is the world’s first malware replication platform, allowing businesses to test their network security readiness against the world’s most difficult early-stage malware in a secure environment. A precursor, or initial access, virus, such as AnchorDNS, is widely used in sophisticated network invasions. Before moving on to the next stage of the attack, which could include ransomware, espionage, IP theft, data deletion or manipulation, and other threats, hackers use this early-stage malware to establish a foothold on the network, create command-and-control (C2) server communications, and gather intelligence on the target.
Many businesses fail to discover precursor assaults despite having the greatest network security and monitoring tools in place. This exposes the corporate network to malicious activity for weeks or months at a time, increasing the potential of a cyber assault causing major damage to the firm.
Karim Hijazi, CEO of Prevailion said, “Precursor attacks are one of the biggest failures in corporate security today and this is exactly what ARKTOS is designed to address. Most ransomware infections happen days, weeks or months after the initial network breach, so if companies can catch those beacons early on and cut off the malware’s access, they can prevent the actual encryption stage of the attack. ARKTOS replicates malware families like AnchorDNS, used by the Trickbot gang to deploy ransomware, and Nobelium RAT, used by the SolarWinds hackers, so that companies have a safe and effective way to stress-test their networks against determined adversaries.”
Prevailion has the unique ability to commandeer and repurpose the attacker C2s, which control hundreds of various malware families now in use in cyberattacks around the world, allowing it to mimic the behaviour of true APT and commodity malware. Prevailion can acquire massive volumes of inside information and performance data on active malware, ranging from criminal to nation-state entities, as a result of this. This data, as well as the actual de-fanged C2 infrastructure, is used by the company to safely test an organization’s current security stack against a real-world assault scenario.
Companies can quantify and qualify the preparedness and response of their end-to-end security controls for emerging and latent threats by collecting real-time telemetry data from the ARKTOS Replication Engine and monitoring communication with repurposed C2 infrastructure.
Read more articles: