From past to present, malware has been the most effective and indispensable weapon of cyberattacks, and with the development of technology, malware has also developed. With the development of measures and detection systems, malware has gained the ability to circumvent or not to detect these systems. Today, it is clear to everyone that many target-oriented or target-independent cyber attacks are carried out with advanced malware.

Malware, which is the tool of cyber attacks created with multiple different motivations, causes serious damage to systems and processes. As a result of the damages faced by institutions and organizations; financial losses, process and work flow disruptions, commercial or corporate information losses and most importantly, reputation losses are experienced.

UITSEC MADC

Malware Analyze & Defence Center aims to detect a possible malware attempt by monitoring the systems 24/7 by tracking them accurately and quickly. In addition, it is aimed to protect, improve, rebuild and develop systems. The following services are provided within the Malware Analyze & Defense Center;

• • Warning and Notification Service: Providing guidance for the execution of notifications of attacks and threats made with malware, informing about potential or emerging security issues, protection or recovery of affected systems.

• • Incident Management Service: Analyzing interventions and incidents by gathering evidence about malware, taking various steps to protect affected systems, creating response strategies related to incidents, monitoring security breached systems, providing incident response support, coordinating between affected parties for incident response.

• • Malware Awareness Service: It covers the malware awareness study to be created with the information provided by a center where current malware techniques and methods are analyzed 24/7. Monitoring and tracking current trends plays an active role in addressing critical vulnerabilities on the system that may be affected by malware.

Role distributions must also be done correctly in order for Malware Analyze & Defense Center to be installed and operated correctly. Establishing an effective organizational flow is the most important element.

Organization Flow

Malware Analyze & Defence Center Manager: The MADC manager is responsible for the management of all MADC operations. He/she reviews all MADC policies and procedures. He/she manages the team and measures staff performance.

SOC Manager: The SOC manager is responsible for the management of all SOC operations. The SOC administrator reviews all SOC policies and procedures. He/she manages the team and measures staff performance.

Malware Analyze & Defence Center Coordinator: MADC Coordinator is responsible FOR all MADC units and operations. He/she manages the units and the team and plays a key role in ensuring that the units take the right actions.

Malware Researcher: The researcher is responsible for examining and investigating malware detected by MADC systems. He/she reports security developments or problems to management.

Monitoring Team Leader: The team leader supervises the actions and solutions taken by the monitoring team during the current network monitoring activity, ensuring that the process is carried out uninterruptedly 24/7.

Malware Monitoring Team: The monitoring team monitors all networks and analyzes traffic on these networks. The team uses a variety of tools to identify potential malware threats or attempts.

Incident Response Manager: He/she is responsible for accurately reporting the initiatives detected by the monitoring team. He/she also provides support in determining the actions to be taken after notifications.

Be Prepared Against APT Attempts!

Targeting critical infrastructures with cyber attacks will be in question in the future as in the past and today. The APT approach, which is goal-oriented and equipped with strong motivations, developed and poses permanent threats on the goal (Advance Persistent Threat), targets many institutions and organizations. It is known that these approaches generally choose the following grounds for themselves.

• • Government agencies
• • Finance
• • Telecom
• • Health
• • Energy
• • Tourism
• • Entertainment
• • Press and Media
• • Production
• • Political Parties
• • Information technologies
• • Hi-Tech
• • Educational institutions
• • International Civil Organizations

Examining the malware used during the relevant initiatives ensures that institutions and organizations are prepared and safer against future APT approaches. Investigation of detected malware by researchers enables the identification of target-oriented initiatives written specific to the institution or organization.

Malware detected on your system, which is monitored 24/7 with Malware Analyze & Defence Center, is examined due to the possibility ofAPT interventions. Within the framework of the analyzes, it is tried to determine the motivation and threat actor of the malware. The frameworks used in the studies are as follows.

Advanced Static Malware Analysis

Advanced Static Malware Analysis covers technical analyses performed without operating the malware. As a result of the reverse engineering and code analysis studies carried out, the harmful activities are identified and reported.

With the techniques used in the reverse engineering phase, the assembly code can be read and the work flow of the program can be revealed. It can reveal the intent of the program by following the instructions on the Assembly. The titles and functions of the file may contain important details. They also organize studies to make it difficult to identify professional attackers and attacker groups who know that these and similar techniques are used. Today, many harmful activities that traditional tools cannot detect are detected by malware researchers.

Malware detected by Malware Analyze & Defense Center is specifically examined by malware experts for institutions and organizations. Considering that the statically examined malware has previously been used in different attacks and attempts or it is a malware specially written for the target-oriented institution; notifications are made against suggestions, solutions and measures that can be taken.

During advanced malware analysis, the writing stage and character of the malware are also analyzed by malware researchers. Almost all malware is written by professionals, unlike automated tools. The steps taken or the mistakes made in the creation phases of malicious software contain serious details about their motivation.

Dynamic Malware Analysis

Dynamic Malware Analysis involves examining the action and behavior on a sample and similar system by running the suspicious file. Thanks to dynamic malware analyzes performed on sample and similar systems called "Sandbox", it is clearly observed what kind of damage the malware will cause on real systems.

Thanks to the Dynamic Malware Analysis, the network movements created by the malicious software can be monitored and the systems with which it communicates can also be detected. Conducting these and similar studies plays an important role in determining the profiles of threat actors and taking precautionary measures before future initiatives.

Special Precautions for the Special Threats!

With Malware Analyze & Defence Center, it is aimed to detect malware with the rules created for malware specific to your system, which is monitored 24/7. As a result of the cyber threat intelligence studies, special rules are created for the systems, including the newest malware activities detected, and with these rules, all systems are scanned and malware activity is carried out.

Grouping the malware specially prepared for the sectors and taking special measures for the sector you are in brings significant success in the studies carried out. As a result of the researches, it is known that analyzing the sectoral threats and taking measures reduces the likelihood of being affected by cyber attacks by 70%.

The MADC service will assist your security processes by:

• • 24/7 Malware monitoring and detection,
• • Analyzing advanced malware techniques and methods used by attackers,
• • Possibility to identify attacker profiles and take preemptive measures,
• • Opportunity to take pre-emptive measures against APT approaches,
• • Performing detailed analysis specific to the organization on target-oriented threats,
• • Obtaining useful information about the overall security of the organization.

UITSEC offers a unique operational service and security awareness. The UITSEC Malware Analyze & Defense Center team consists of highly experienced consultants, analysts and experts. It leverages modern tools to detect team threats or incidents that utilize techniques with the next-generation method to collect threat data.