Prevailion Omega exposes previously undetected malware blind spots in the cloud

Prevailion launched Omega, a new cybersecurity capability for enterprises and governments that exposes and validates previously undetected active malware compromises – including ransomware – across cloud deployments and remote workforce assets.

“As a growing remote workforce has fueled investment in cloud infrastructure, threat actors are using the ‘black box’ nature of these SaaS deployments to stay hidden from modern security tools and to proliferate ransomware and other attacks,” said Karim Hijazi, CEO of Prevailion. “The current methodology for monitoring and securing cloud workflows and remote workers paints an incomplete picture that limits an organization’s ability to improve its overall security posture and reduce its risk.”

Prevailion’s Omega technology addresses this fundamental visibility challenge in the cloud by accurately detecting malware that evades other security solutions. For the first time, security teams can now see beyond the cloud or ISP to track malware infections that leverage dynamic and obfuscated IP addressing. This rapid detection can successfully prevent the encryption stage of a ransomware attack from taking place, in addition to other significant events like data theft, even after an organization’s assets have already been infected.

Prevailion’s existing solutions are already unique in their approach to infiltrating and monitoring the attacker’s command-and-control (C2 or CnC) servers and communications to covertly expose malware infections from the threat actor’s point-of-view. They also do not require any physical presence or access to an organization’s network when helping to evaluate its immediate risk of damage or loss based on existing blind spots.

This approach empowers security teams to understand active risks and threats to their environments that have gone undetected and it allows them to continuously improve their security posture against future threats. In addition, Prevailion’s solutions can monitor existing or potential supply chain partners for changes in their security posture and provide visibility into an organization’s potential risk of a security incident.

Omega collects critical metadata from the malware payload, including:

• Victim IP address
• Destination IP address
• Port
• Protocol
• UUID
• UserAgent
• Username
• Password
• PC name
• OS type (Windows, macOS)
• C2 domain
• Malware type
• Threat actor
• Malicious beacon activity (total number and frequency)

Prevailion’s advanced solutions are powered by a global cloud-based sensor network, Prevailion’s Adversary Counterintelligence Team (PACT) and its unique command-and-control infiltration process. The ability to “follow” the malware from the attacker to the organization itself can provide an understanding of blind spots in current security coverage and an unprecedented level of insights into how and what the attacker is doing as part of its attack campaign.

This type of malware visibility and validation is provided to security teams to reduce the time and effort it takes to identify the true nature and severity of the attack and accelerate immediate response to threats before full detonation.