In 2013, the President addressed the data security crisis through issuance of an Executive Order entitled Improving Critical Infrastructure Cybersecurity (“EO”). A fundamental objective of the EO is to increase information sharing among government agencies and private sector businesses so the private sector is better able to defend against cyber threats.
To that end, the federal government’s chief law enforcement agency, the Federal Bureau of Investigation (FBI), has announced that its Malware Investigator portal, which had been available only to law enforcement and government entities, will soon be accessible by private sector businesses. The FBI explained why it is expanding the group of permitted users:
“Malware is the chief instrument of cyber attacks today. Following the exponential growth of malware variants in the past ten years, organizations dedicated to reducing cyber incidents must have a means to quickly understand the functionality and characteristics of suspicious files, and also have the ability to collaborate these results with others. Whether it be for law enforcement officers pursuing cyber criminals, IT professionals seeking to mitigate attacks, or researchers understanding the cyber threat landscape, Malware Investigator provides its users with a powerful system to help accomplish these goals.”
How does Malware Investigator work? According to a University of Florida newsletter, Malware Investigator analyzes threats through “sandboxing, file modification, section hashing, correlation against other submissions and the FBI’s own entries concerning viruses and malware reports.” The University of Florida newsletter goes on to say that “Windows files and common file types can currently be analyzed, but this will expand to include other file types in the near future.”
The FBI understands that time is of the essence when such a threat presents itself: “IT professionals must react nimbly to potential issues, but can only make well informed decisions when they can quickly understand the potential threat to their systems.” Thus, the FBI claims that “within as little as an hour,” users of Malware Investigator can receive “detailed technical information about what the malware does and what it may be targeting.”
Another nice feature of Malware Investigator is its anonymity. As reported by Threatpost, users “won’t have to share any personal information in order to use the portal. You don’t have to share anything you don’t want to. No one will know who you are unless you want them to.”
If all this is true, Malware Investigator can be a valuable weapon in a data security arsenal. The FBI has also promised to share the results of its Malware Investigator research with private sector businesses. We will update MFT Nation readers with these results as and when they are released. In the interim, please submit a comment with your thoughts, feelings or experiences with Malware Investigator.