Malware families are born, and many fade, but the most effective and lucrative ones evolve and grow. Successful malware remains in the wild for years, with new variants appearing and its distribution changing and expanding.
Malware-as-a-Service is increasingly common. Malware kits, or source code, can now be purchased, often with professional support. Malware authors have become expert at adapting their tactics and techniques so that their products spread faster and infect more victims. One criminal group (REvil) recently claimed to have made more than $100 million from ransomware.
The importance of sharing data
To combat the growth in malware, the cyber-security industry needs an effective methodology to share information.
Sharing threat information enables security vendors to identify previously unseen (zero-day) threats and variants of existing malware. Sharing lets the industry analyze malware rapidly: we can learn how a family evolves and understand the infection techniques it uses. All of this enables us to protect our partners and customers quickly and effectively.
For years, anti-malware providers, vendors, and CERTs have collaborated, exchanging samples of prevalent malware. However, the lack of a common platform means that the existing sample exchange programs are not always efficient or effective.
Without a central place to exchange prevalent threat data, ideally one in which a single submission reaches every party, the industry's ability to protect customers and partners alike is reduced.
Access the Real-Time Threat List from AMTSO
Most major anti-malware providers are already members of the Anti-Malware Testing Standards Organization (AMTSO). Recognizing the challenge created by the lack of a single sharing platform, AMTSO has opened its Real-Time Threat List (RTTL) to submissions by non-member organizations.
The Real-Time Threat List now enables malware samples and related telemetry to be shared industry-wide. It provides a source of high-quality, prevalent, real-world samples for testing purposes, including data on the regional and industry-vertical distribution.
A single reporting system for the industry
The RTTL service is now open to individual threat researchers, CERTs and non-member security organizations.
Samples are submitted through an API, with tools to assist in automating uploads. Attaching metadata to samples, such as prevalence (how often a given sample has been observed in the wild) or geolocation, makes them more useful; however, samples on their own are also of value. RTTL also supports the open-source MISP format.
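Because RTTL accepts the MISP format, the following is an added example (not AMTSO's or RTTL's own code) of what a submitter might prepare: it hashes one sample, wraps the hashes in a MISP-format event together with the prevalence and geolocation metadata the text recommends, and sanity-checks the event before it leaves the submitter's side. The sample bytes, the filename, the counts and the per-country "counter" convention are constructed assumptions; the RTTL API endpoint and upload schema are not shown, since the page does not describe them.

```python
"""Build and check a MISP-format event for a malware sample plus telemetry.

Added example, not AMTSO/RTTL code. SAMPLE_BYTES, the filename and the
sighting counts are constructed for illustration; the RTTL upload call itself
is out of scope (its endpoint and schema are not described on the page).
"""
import hashlib
import json
import re
from datetime import date

# Standard MISP attribute types and event keys used below.
HASH_TYPES = ("md5", "sha1", "sha256")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
REQUIRED_EVENT_KEYS = ("info", "date", "distribution",
                       "threat_level_id", "analysis", "Attribute")

# Constructed stand-in for a captured file; this is not real malware.
SAMPLE_BYTES = b"MZ\x90\x00" + b"CONSTRUCTED-SAMPLE-" * 8


def hash_sample(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the sample bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_TYPES}


def _attr(atype, value, category, comment="", to_ids=False):
    # Minimal MISP attribute; MISP carries every value as a string.
    return {"type": atype, "category": category, "value": str(value),
            "comment": comment, "to_ids": to_ids}


def build_misp_event(sample, filename, prevalence, sightings_by_country, info):
    """Assemble a MISP event for one sample plus prevalence/geo telemetry.

    prevalence: number of observations of the sample in the wild.
    sightings_by_country: assumed convention {ISO country code: count}; MISP
    has no dedicated per-country prevalence type, so each entry becomes a
    'counter' attribute whose comment names the country.
    """
    digests = hash_sample(sample)
    attributes = [_attr(t, v, "Payload delivery", "file hash", to_ids=True)
                  for t, v in digests.items()]
    attributes.append(_attr("filename", filename, "Payload delivery"))
    attributes.append(_attr("size-in-bytes", len(sample), "Other"))
    attributes.append(_attr("counter", prevalence, "Other",
                            "prevalence: sightings in the wild"))
    for country, count in sorted(sightings_by_country.items()):
        attributes.append(_attr("counter", count, "Other",
                                f"sightings in {country}"))
    return {"Event": {
        "info": info,
        "date": date.today().isoformat(),
        "distribution": 3,      # MISP level 3: all communities
        "threat_level_id": 2,   # medium
        "analysis": 0,          # initial
        "Attribute": attributes,
    }}


def validate_event(event):
    """Return a list of problems; an empty list means the event looks submittable."""
    problems = []
    ev = event.get("Event", {})
    for key in REQUIRED_EVENT_KEYS:
        if key not in ev:
            problems.append(f"missing Event.{key}")
    for a in ev.get("Attribute", []):
        if not all(k in a for k in ("type", "category", "value")):
            problems.append(f"incomplete attribute: {a}")
            continue
        t, v = a["type"], a["value"]
        if t in HEX_LEN and not re.fullmatch("[0-9a-f]{%d}" % HEX_LEN[t], v):
            problems.append(f"bad {t} value: {v}")
        if t in HEX_LEN and not a.get("to_ids"):
            problems.append(f"{t} hash should be flagged to_ids")
        if t == "counter" and not v.isdigit():
            problems.append(f"counter is not a non-negative integer: {v}")
    return problems


def to_json(event):
    return json.dumps(event, indent=2, sort_keys=True)


if __name__ == "__main__":
    ev = build_misp_event(SAMPLE_BYTES, "invoice.exe", 1200,
                          {"DE": 800, "US": 400},
                          "Constructed sample for an RTTL-style submission")
    print(to_json(ev))
    print("problems:", validate_event(ev))
```

The hashes carry `to_ids` so that a receiving MISP instance can turn them into detection indicators directly; the counters are deliberately kept as plain attributes with descriptive comments rather than free text, so that a consumer can aggregate prevalence across submitters without parsing prose.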
If you are interested and you would like to know more, please email AMTSO for more information.
Alexander Vukcevic is the Director of Protection Labs and QA at Avira, and the CTO of AMTSO