CISA introduces Malware Next-Gen analysis system with improved scalability, threat hunting capabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched on Wednesday a new version of its malware analysis system, Malware Next-Gen. This system enables organizations to submit malware samples and suspicious artifacts for analysis. By automating the analysis of newly identified malware, Malware Next-Gen enhances CISA’s ability to support its partners and strengthen cyber defense efforts.

CISA’s Malware Next-Generation ‘Next-Gen’ Analysis platform provides automated malware analysis support for U.S. federal, state, local, tribal, and territorial government agencies. Analysis is performed by a combination of static and dynamic analysis tools in a secure environment and results are available in PDF and STIX 2.1 data formats.

Since November, Malware Next-Gen has been available to [dot]gov and [dot]mil organizations. Nearly 400 registered users have submitted more than 1,600 files, resulting in the identification of approximately 200 suspicious or malicious files and URLs, which were quickly shared with partners. While members of the public may submit a malware sample, only authorized, registered users can receive analytical results from submissions.

Timely, actionable intelligence on malware, such as how it works and what it is designed to do, is crucial to network defenders conducting potential cyber incident response and/or threat hunts. Malware Next-Gen provides advanced and reliable malware analysis on a scalable platform, capable of meeting the increasing demands of future workloads. The integrated system provides CISA analysts and operations community members with multilevel containment capabilities for the automatic analysis of potentially malicious files or uniform resource locators (URLs).

“Effective and efficient malware analysis helps security professionals detect and prevent malicious software from enabling adversary access to persistence within an organization. Malware Next-Gen is a significant leap forward in CISA’s commitment to enhancing national cybersecurity,” Eric Goldstein, executive assistant director for cybersecurity at CISA, detailed in a media statement. “Our new automated system enables CISA’s cybersecurity threat hunting analysts to better analyze, correlate, enrich data, and share cyber threat insights with partners. It facilitates and supports rapid and effective response to evolving cyber threats, ultimately safeguarding critical systems and infrastructure.”

The Malware Next-Gen analysis platform is a U.S. government computer and information system. To receive analysis of malware samples submitted to this system, users are required to create a user account and consent to monitoring of activities. Access to this system is restricted to authorized users and is subject to rules of behavior. Unauthorized access, exceeding authorized access, or violating system rules may result in punitive actions, including being barred from Malware Next-Gen, as well as civil or criminal penalties.

Registered users accessing Malware Next-Gen acknowledge and consent to accessing a U.S. government information system, including the computer, the computer network, all computers connected to the network, and all devices and storage media attached to the network or a computer on the network. The information system is provided for U.S. government-authorized use only. Unauthorized or improper use of this system may result in disciplinary action, as well as civil and criminal penalties.

By using this information system, users understand and consent to the fact that there is no reasonable expectation of privacy regarding communications or data transiting or stored on this information system. The government may monitor, intercept, and search any communication or data transiting or stored on this information system at any time and for any lawful government purpose. Additionally, any communications or data transiting or stored on this information system may be disclosed or used for any lawful government purpose.
