With thanks to Kumar Ritesh, Chairman and CEO of CYFIRMA, Aviva Zacks had the opportunity to find out about an amazing company that can detect cyberthreats almost before the hackers even think of them.
Safety Detectives: What was your motivation to start CYFIRMA?
Kumar Ritesh: I was CISO at BHP, which is a large resourcing company, and one of the issues we had was how to get visibility into cybercriminals—who they are, why they are behind us, what they want from us, when can they potentially attack us, and how are they going to attack us.
There were three clear problems that I was able to see in the market:
- There was no outside-in cybersecurity tool provider that was helping organizations. There were intelligence providers that were providing intelligence after the fact. Something would happen somewhere, and that information would be reprocessed and presented to you as a piece of intelligence. So, problem number one was that there was no outside-in visibility into how the external threat landscape looks.
- The intelligence itself was not personalized, which means any malware that was being analyzed was spreading across the globe in different forms for different industries. People knew that they were going to get the malware, but didn’t know what form it would be in. These threat insights were generic and not too far from “community feeds.” The second problem was that intelligence wasn’t personalized, so we saw a need.
- The third element was how to bring predictability into the game of cyberwarfare and cybersecurity. Intel is key when fighting a war on the battlefield—you need to know your enemy well so you can prepare effective defense and attack strategies. The same should apply to cyber too; we want our clients to be equipped with accurate intel related to their cyber-adversaries before an actual attack occurs, so they can take actions to protect their systems, data, and people. How do we start to provide predictiveness in the world of cybersecurity when this was never quite available before?
SD: Can you tell me what your flagship product is?
KR: DeCYFIR is cloud-based threat discovery and cyber-intelligence platform designed to empower businesses with the ability to discover threats from the deepest trenches in cyberspace, decode signals from noise to gain useful insights, and apply remedial actions against cyber criminals before an actual attack occurs.
With the DeCYFIR platform, businesses identify potential threats at the early planning stage of cyberattacks. The platform picks up threat indicators as observed in deep/dark web, hackers’ forums, and other closed communities including our own research, and predicts upcoming attacks based on a set of probability mathematical models and analytical engines.
DeCYFIR provides quality intelligence to businesses with information with industry, geography, and technology-specific information. The platform has the unique capabilities to connect the dots between hackers, exploit campaigns, motivations, methods, and attack readiness. All these combined offers businesses complete contextual visibility of their threat landscape.
DeCYFIR redefines quality cyber-intelligence in its unique ability to provide all three layers of insights (strategic, management, and tactical). When the insights are harnessed in totality, business leaders can make accurate decisions and direct scarce cybersecurity resources to mitigate risks according to threat severity.
With DECYFIR, cyber threats and signals are automatically discovered and decoded. These insights are provided in real-time so that security teams are always kept a step ahead of their cyber adversaries.
DeCYFIR consists of several modules, each designed to help businesses strengthen their cybersecurity postures and be better equipped to handle the risks of digitalization:
- Threat Visibility and Intelligence (TVI)
TVI provides a comprehensive multi-dimensional strategic, management, and tactical intelligence and cyber insights. This module answers the WHO, WHY, WHAT, WHEN, and HOW of looming cyber threats, and provide recommendations for remedial actions. With TVI, businesses can predict potential cyberattacks and prevent financial and reputational damage.
- Cyber Situational Awareness (CSA)
Real-time cyber insights, trends, cyber news, technology, regulatory & law, policy changes, emerging cyber-attacks, vulnerabilities, and exploits – all tailored to ensure relevance to a business’s geography, industry, and technology. When equipped with comprehensive and relevant risk telemetry, executives can make business and investment decisions accurately.
- Cyber Incident Analytics (CIA)
Enable businesses to comprehensively respond to security incidents with not only tactical information but also strategic-level insights by mapping associated campaign, hacker’s affiliation, motive, and mechanism. By taking an intelligence-based approach to managing cyber incidents, businesses can prevent the occurrence of similar cyberattacks.
We know cyber-intelligence is the new currency that will power growth and allow businesses to thrive in the post-pandemic digital economy. DeCYFIR’s outside-in approach to personalized and predictive cyber-intelligence is the key enabler to businesses looking at building a solid and future-ready cybersecurity posture.
SD: How does your company stay ahead of the competition?
KR: We are a value-driven company – this refers to our obsession to constantly create value for our clients and to place customer needs and satisfaction at the heart of everything we do. Customer centricity is key, and we strive to deliver the best cyber-intelligence platform to the market. This has resulted in us disrupting a number of traditional cyber-intelligence providers out there. Today, many Fortune 500 clients in the hi-tech manufacturing, financial services, global retail, and food & beverage industries count on DeCYFIR to keep their cyber posture strong and resilient.
SD: What do you feel are the worst cyberthreats today?
KR: As a threat discovery and cyber-intelligence platform company, we work with lots of data and perform research and analysis on some of the world’s most prolific threat actors and cybercriminals. We monitor and study their new acts and campaigns, new capabilities they have acquired, or trying to acquire, as well as their behavior and digital footprint. We have observed trends in the following areas:
- Interest in Intellectual Property
Cybercriminals have always gravitated towards intellectual property. IP has always been attractive to hackers but in the last 12 mths, we are seeing a significant uptick in hacking campaigns targeting a wide range of industries beyond healthcare. There is a clear shift towards exfiltrating IP and research data as incidents of corporate espionage increase. This can be attributed to state-sponsored cybercriminals who are motivated by nationalistic and geopolitical agendas.
- Change in Ransomware Attacks
There is a new breed of ransomware which is fast becoming hackers’ attack method of choice. Earlier ransomware used a two-phased approach where the malware would be injected into the compromised systems to encrypt folders and files, and hackers would demand a ransom before releasing the decryption key. Today, these hackers have formed extortion cartels where data is exfiltrated and thrown into public websites if victims do not pay the hefty ransoms. These “name-and-shame” threats are carried by ransomware gangs who go by “REvil,” “Maze,” “Netwalker,” “DopplePaymer,” among others.
- Exploit Communication Appliances, Devices, and Software
We have started to see cybercriminals trying to exploit VPN, connectivity, and telecommunication appliances. There is a new breed of malware that is built to inject into communication devices to record conversations and send that back to cybercriminals who will use it for further nefarious activities. This is clearly spurred by the increase in remote working where millions of employees are on various video conference tools and accessing sensitive data without the protection of secure corporate networks.
- Digital Powerhouses and Unicorns
Businesses that possess huge personal and customer identifiable information, such as telecommunication companies, online retailers, F&B, and financial institutions are attractive targets for hackers. In recent times, digital companies and start-ups unicorns who possess a vast amount of personal, customer, and financially identifiable information are drawing the attention of cybercriminals. The stolen data can be quickly monetized in dark web marketplaces and used for a multitude of criminal activities.
- Covid19-Themed Phishing Attacks
Phishing attacks have increased significantly this year. Cybercriminals are using a myriad of social engineering techniques to lure unsuspecting individuals into releasing private and sensitive information. Phishing emails masquerade as company leaders or government authorities have been making their way around the internet. A case in point was the huge campaign by N. Korean state-sponsored hackers called “Lazarus Group” targeting six countries and 5 million email accounts. The hacking campaign involved using phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support initiatives. These phishing emails were designed to drive recipients to fake websites where they would be deceived into divulging personal and financial information.