Fox-IT was the first to detect the NBC.com Citadel malware hack within minutes of its launch last week in the normal course of monitoring its customers, officials at the Dutch security firm announced today. The analysis performed on the malware itself was part of InTELL, a portal-based service that defends high-profile and high-security businesses against the dark world of cybercrime. Representatives of the company are in San Francisco this week to showcase the product to North American enterprises and potential partners.
"The detection of this hack is only one example of the type of attacks Fox InTELL protects our clients against every day. The service monitors and captures the chatter, contains the fallout and minimizes the damage of cyber-attacks every day by gathering and delivering the most relevant and actionable information across the cyber intelligence community directly into the hands of InfoSec teams," said Ronald Prins, CEO of Fox-IT.
Founded in 1999 as Europe's first digital investigation agency, Fox-IT specializes in cyber defense tools, proactive monitoring services and rapid incident response for financial services, governments and highly secure/highly sensitive enterprises.
Real-time threat evolution monitoring makes threats immediately known
Fox InTELL clients are alerted immediately to possible threats and have portal access to real-time threat evolution monitoring, which differs from the standard industry practice of developing a written report, by which time the threat has already evolved further. Should a threat become actionable, Fox-IT works with the client to prevent or mitigate the exploit, which can include reverse-engineering malware never before seen.
"Fox InTELL enables us to be more in control of banking malware related to online fraud," said Ton Wieman, head of investigations of a large European bank. "Through InTELL we can reach out to our peers in other participating organizations quickly and stay abreast of the very latest developments in great detail."
It was a similar case in the NBC.com attack, when Fox-IT staff immediately notified their client, who was able to take corrective action, mitigating the damage to the enterprise. They then reached out to NBC.com's security team (which is not a Fox-IT customer) to alert them to the incident. Meanwhile, Fox-IT CEO Ronald Prins (Twitter: @CryptoRon) tweeted an alert to warn other potential site visitors.
Client-specific monitoring catches vulnerabilities of enterprise "brands" to cybercrime
Cybercriminals often design, offer and trade malware by "brand," a situation unknown and inaccessible to most internal security teams. Fox InTELL monitors for appearances of clients' brand names in malware configurations, cybercrime command and control infrastructures, and underworld forums, where new threats and targeted attacks are planned.
In the case of the NBC.com Citadel hack, Fox-IT staffers discovered that the malware distributed was configured to manipulate traffic to and from the banking sites of the leading US-based banks, including Wells Fargo, Bank of America, Citibank, USAA, TD Ameritrade, Suntrust, PNC, Chase, American Express and Schwab, among others.
Portal-based collaboration increases protective agility
The Collaboration area on the Fox InTELL portal has proven to be an important feature for client interactions with each other as well as with Fox InTELL experts. Community discussions on new threats and countermeasures raise questions and provide answers on issues faster than intelligence reports can be generated.
"If an InfoSec team doesn't know about a new cyber threat, they can't defend against it," says Fox InTELL product manager Eward Driehuis. "Fox InTELL improves an enterprise's cyber intelligence position, which enables better situational awareness, security controls, and risk decisions to protect their customers and their brand online."
History of use in high-profile cybercrime cases
Fox-IT has been gathering intelligence on cybercrime for almost a decade, and its services have been utilized by law enforcement agencies many times. Notable examples include helping to bring down the Bredolab botnet in the Netherlands, apprehension of botnet herders in Russia, and the post-mortem investigation of the DigiNotar data breach.
To arrange a meeting with Fox-IT, contact Joost Bijl, marketing manager, at bijl(at)fox-it(dot)com or via Twitter @foxit.
Fox-IT prevents, solves and mitigates the most serious threats as a result of cyber attacks, fraud and data breaches with innovative solutions for government, defence, law enforcement, critical infrastructure, banking, and commercial enterprise clients worldwide. Our approach combines human intelligence and technology into innovative solutions that ensure a more secure society. We develop custom and packaged solutions that maintain the security of sensitive government systems, protect industrial control networks, defend online banking systems, and secure highly confidential data and networks. For more information, visit http://www.fox-it.com.
Read the full story at http://www.prweb.com/releases/2013/2/prweb10474268.htm