CISA opens its malware analysis and threat hunting tool for public use | CSO Online

The US Cybersecurity and Infrastructure Security Agency (CISA) is opening a government tool for analyzing malware to all.

Malware Next-Gen is already used by US government agencies to submit malware samples and other suspicious artifacts for examination by CISA analysts in a secure environment, and can now be accessed by organizations and individuals who create a login.gov account and complete a one-time registration to access the system.

The malware analysis tool has been available to .gov and .mil organizations since November 2023, during which time almost 400 registered users have submitted more than 1,600 files, CISA said, enabling the identification of around 200 suspicious or malicious files and URLs.

Tools like CISA’s Malware Next-Gen are invaluable assets in the fight against cybercrime, particularly in a world where data is the new currency, according to Sakshi Grover, research manager at IDC.

“AI/ML techniques are being widely exploited by attackers to craft sophisticated malware, bypass security systems, and execute large-scale automated attacks, potentially leading to evasive and impactful cyber incidents,” said Grover. “The comprehensive data repository amassed by CISA’s Malware Next-Gen tool serves as a valuable resource to enrich AI-powered threat-hunting capabilities. It can also help future enterprises to protect themselves against existing and unknown attacks.”

CISA said Malware Next-Gen is currently providing malware analysis support to all US federal, state, local, tribal, and territorial governmental agencies. Analysis is performed by a combination of static and dynamic analysis tools in a secure environment and results are available in PDF and STIX 2.1 data formats.

While the service has been made publicly available, CISA requires account registration to access the analysis. Any user or organization can submit a threat sample for analysis, but will need to register to see the analytical results from submissions.

“Please note, the Malware Next-Gen Analysis platform is a U.S. government computer and information system,” the agency wrote in an explainer for the tool. “To receive analysis of any malware samples you submit to this system, you will need to create a user account and consent to monitoring of your activities. Access to this system is restricted to authorized users only and subject to rules of behavior.”

Users who wish to submit malware samples without registering will have to use the “Anonymous submission” option on the login page. Although available behind a “sign-up” wall, the public availability of the tool is being received positively by the cybersecurity community.

“This CISA malware analysis tool will help democratize cybersecurity,” said Pareekh Jain, chief analyst at Pareekh Consulting. “While large organizations have access to sophisticated resources, small organizations and individuals often suffer due to a lack of access and an inability to implement cybersecurity effectively. With this tool, anyone can access sophisticated analyses of any malware content in files or URLs.”

Shweta Sharma is a senior journalist covering enterprise information security and digital ledger technologies for IDG’s CSO Online, Computerworld, and other enterprise sites.