Novetta Solutions LLC announced Oct. 14 that it is leading a cyber security coalition developed to interdict malware used by advanced threat groups. The objective of the coalition is to fix the adverse impact of professional cyber espionage groups and other threat actors.
In July, the McLean, Va.-based company selected cyber security industry partners, including Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Symantec, Tenable, ThreatConnect, ThreatTrack Security, Volexity and other industry leaders, to participate in the coalition.
“We felt it was important to take action proactively in coordination with our coalition security industry partners. The cumulative effect of such coordinated approaches could prove quite disruptive to the adversaries in question and mitigate some of the threat activity that plagues the joint customer base of this coalition,” Novetta CEO Peter B. LaMontagne said. “Novetta’s unique capabilities are centered around years of experience in identifying, tracking, reverse engineering and creating network-based detection and decoding of threats that are typically considered the high end of the threat actor spectrum.”
The group’s effort was originally focused on the HiKit family of malware, with plans to expand out to address other tools used by a particular threat actor group. The coalition’s efforts were tied to Microsoft’s Malware Software Removal Tool (MSRT) and other coalition signature and product updates. A comprehensive report covering this family of malware, as well as technical details and additional insight into attribution, will be released by the coalition on Oct. 28.
The targeted threat actor group has designed and used several tools and techniques that focus on remaining undetected by security researchers and law enforcement authorities, while allowing attackers to quickly compromise and expand within targeted networks. The observed targets of these attacks are large public network infrastructure providers, holders of extensive IP portfolios and government entities from various countries in Asia and the U.S.
Technical details to be released in the comprehensive report, as well as the Executive Summary, indicate that this threat actor group operates out of China. Their motives appear to be oriented toward large-scale technology theft and intelligence gathering.
Novetta said it wants to ensure that the public is made aware both of this targeted threat actor group and of the fact that the coalition is taking every step to remediate this threat through coordinated analysis, distribution of information and coordinated action with its industry partners.
This initiative is one of the first efforts under the Microsoft-supported Coordinated Malware Eradication (CME) program, which aims to bring organizations in cyber security and in other industries together to change the game against malware.
This initiative seeks to go beyond reporting of malware and put into action tools and an approach that will better protect coalition customers. This coordinated effort provides a broader view and access to more data than if efforts had been undertaken by any one partner alone.
“This is akin to an ‘open source software’ approach for cyber threat mitigation — the adversaries share and retool their malware. We need to do the same on the defensive side,” LaMontagne said.
Novetta Solutions acquired Digital Results Group and Sentinel Applied Analytics in October 2014, SigInt Technologies in August 2014, Global News Intelligence in August 2014, International Biometric Group in October 2012 and White Cliffs Consulting in September 2012.