User Experience Enhancements
Expansion of Activity Descriptions
Activity Descriptions provide more context and help with understanding the security implications of suspicious Activities. With this update, we are expanding the coverage to the vast majority of Activities in our catalog.
New Confirmed Threats
In July, Cognitive Intelligence in cooperation with Cisco Talos focused on high-risk threats observable in our telemetry. Thanks to the improvements made to our Machine Learning Cybersecurity Platform (see Machine Learning Backend Improved), we have added 8 net-new Confirmed Threat types (see the list below) and increased coverage for a wider variety of previously existing Confirmed Threats.
Sample finding of Ponystealer trojan (Confirmed Threat ID CTAL0155)
List of new Confirmed Threat types in July:
| Confirmed Threat ID | Name | Category | Risk | Description |
|---|---|---|---|---|
| CTAL0059 | Neutrino | banking trojan | High | Neutrino malware targets point-of-sale (PoS) terminals. This family is known for using anti-sandbox techniques to hinder automated analysis. |
| CTAL0097 | Trickbot | banking trojan | High | Trickbot (aka Trickster) is a banking Trojan that targets sensitive information for select financial institutions; it is frequently distributed through malicious spam campaigns. |
| CTAL0155 | Ponystealer | information stealer | High | Ponystealer is a Trojan known to steal credentials from over 100 different applications; it may also install other malware such as a remote access trojan (RAT). |
| CTAL0051 | Unsafe | trojan | High | Unsafe is a Windows trojan. It collects system information, downloads/uploads files and drops additional payloads. |
| CTAL0056 | Quackbot | information stealer | High | Qakbot is a Trojan malware family that targets Windows OS, may have rootkit capability, and can spread through network shared drives and removable storage devices. The threat may open a backdoor to track user activity, steal data and device information, or download malicious code. |
| CTAL0042 | MSILPerseus | information stealer | High | MSILPerseus is a Trojan that steals information and passwords from infected devices, has backdoor capabilities, and can deliver additional malware. |
| CTAL0041 | Khalesi | information stealer | High | Khalesi is capable of stealing credentials stored in common browsers, cryptocurrency wallets and data from messaging apps (such as Skype and Telegram). It is usually delivered through exploit kits and spam emails. |
Miscellaneous Improvements
Auto-cleanup of incomplete incidents
We have identified a usability problem in the life cycle of Incidents. Because the key suspicious Activities that form an Incident can time out, some Incidents could become obsolete yet remain displayed in the user interface without their proof points (the suspicious Activities). Incidents whose anomalous Activities have expired are now automatically cleared.
Leveraging Cognitive Intelligence
Cognitive Intelligence capabilities are available to AMP customers with a compatible web proxy such as the Cisco Web Security Appliance, and all Stealthwatch Enterprise customers. Reach out to your account executive to learn how to turbocharge your existing cybersecurity investment with Cognitive.