In an interview with TimesTech, Cyfirma’s founder, Kumar Ritesh, discusses how their innovative DeCYFIR platform provides unparalleled cybersecurity protection. By integrating multiple intelligence facets into a single platform, Cyfirma equips organizations and governments with early warnings and actionable insights to mitigate digital threats effectively.
Read the full interview here:
TimesTech: Could you elaborate on how Cyfirma’s DeCYFIR provides customers with a competitive advantage in the realm of cybersecurity?
Mr Ritesh: DeCYFIR is the world’s first external threat landscape management platform providing attack surface discovery, vulnerability intelligence, brand intelligence, digital risk monitoring, situational awareness, cyber-intelligence and third-party risk monitoring on a single pane of glass. CYFIRMA has harnessed the power of our unified 7-pillar approach to deliver holistic protection against digital attacks to companies and government bodies. Our approach is underpinned not only by our unmatched ability to identify threats through our vast collection engines and threat monitoring capabilities but also by our innate ability to correlate these threats to associated threat actors, hacktivists, and anarchists to quantify the immediate and aggregated risks to organizations and individuals.
The intelligence gathered during this process is actionable and is directly linked to maintaining operational resilience of organizations, stability of government agencies / bodies and ultimately the harmony of events such as sporting matches, rallies, cultural festivals, community events and public gatherings where there is a direct human and kinetic impact to the intelligence gathered.
Our experience in protecting this broad spectrum of entities, bodies and individuals has been diverse and enriching, encompassing work with corporate clients, government agencies, non-profit organizations, and high-profile individuals. Our actionable intelligence in the corporate sector has successfully stopped ransomware attacks and corporate espionage campaigns, uplifted cyber controls and strengthened the overall risk profile and operational resilience of organizations.
While for government bodies and military, our intelligence has been used to stop state-sponsored threat actors exfiltrating sensitive data and to enable senior decision-makers to confidently make informed, intelligence-led decisions on where, when and how to mobilize resources at the country-wide level to protect against cyber threats focused on espionage, operational disruption, misinformation and brand tarnishing. Our intelligence has been used to identify and take down sites, channels and content focused on misinformation, extremist propaganda and the spread of false narratives, particularly those that pose immediate security risk and public unrest.
TimesTech: What specific methods does Cyfirma employ to collect intelligence from hackers’ forums that are typically inaccessible to other entities?
Mr Ritesh: We employ sophisticated AI-powered techniques to systematically scour the deep and dark web, including closed and private forums frequented by hackers. This allows us to access information that might not be readily available through conventional means. Our platform utilizes deep learning and NLP algorithms to sift through vast amounts of unstructured data from hackers’ forums. This enables us to identify relevant discussions, trends, and potential threats hidden within the noise. Using our proprietary threat intelligence platform, we equip customers with advanced data analytics capabilities, where we can aggregate, correlate, and analyze data from diverse sources, including hackers’ forums. Our platform enables us to extract valuable intelligence and provide timely alerts to our clients. By employing these methods in combination, CYFIRMA is able to access and analyze intelligence from hackers’ forums that may otherwise remain hidden, providing our clients with invaluable insights to enhance their cybersecurity posture and mitigate risks effectively.
TimesTech: How has Cyfirma assisted companies in their fight against cybercrime on an international level, and can you provide any notable examples?
Mr Ritesh: Global COVID-19 Phishing Campaign By North Korean Operatives Exposed
In 2020 Cyfirma helped multiple countries to trace the cyberattackers.
Hacker groups are planning a large-scale phishing campaign targeted at more than 5 million individuals and businesses (small, medium, and large enterprises) across six countries and multiple continents.
CYFIRMA researchers have been tracking the Lazarus Group, a known hacker group sponsored by North Korea, for many years. Investigations into the group’s activities have revealed detailed plans indicating an upcoming global phishing campaign.
There is a common thread across six targeted nations in multiple continents — the governments of these countries have announced significant fiscal support to individuals and businesses in their effort to stabilize their pandemic-ravaged economies.
The Lazarus Group’s upcoming phishing campaign is designed to impersonate government agencies, departments, and trade associations who are tasked to oversee the disbursement of the fiscal aid.
The hackers plan to capitalize on these announcements to lure vulnerable individuals and companies into falling for the phishing attacks.
Given the potential victims are likely to be in need of financial assistance, this campaign carries a significant impact on political and social stability. CYFIRMA researchers first picked up the lead on June 1, 2020, and have been analyzing the planned campaign, decoding the threats, and gathering evidence. Evidence points to hackers planning to launch attacks in six countries across multiple continents over a two-day period. Further research uncovered seven different email templates impersonating government departments and business associations.
As of the time of reporting (18 Jun), we have not seen the phishing or impersonated sites defined in the email templates. But our research shows the hackers were planning to set that up in the next 24 hours. We also observed that hackers are planning to spoof or create fake email IDs impersonating various authorities.
The CYFIRMA full report contains the phishing campaign scheduled launch dates in each of the 6 countries that are being targeted — USA, UK, Japan, India, Singapore, and South Korea. The report also illustrates the hacking theme against each country with screenshots of actual email messages. Lazarus Group’s well-thought-out sophisticated plan includes personalized email templates designed for each country. The cybercriminals seem to have invested significant effort to ensure each of these emails is relevant to the country’s context. This way they can increase their phishing campaign’s success rate.
CYFIRMA’s assessment is also corroborated by public tools like VirusTotal and AlienVault OTX.
TimesTech: Could you discuss the key findings or insights from Cyfirma’s India Threat Landscape report regarding the increase in cyber-attacks over the past three years?
Mr Ritesh:
- India is the most targeted country with 13.7% of all cyber-attacks directed at it
- US, Indonesia and China are the next 3 most targeted countries by threat actors
- Govt agencies across nations emerge as the topmost target with 95% of the cyber-attacks aimed at them
- State-sponsored cyber-attacks increased by 100% on India in 2022
- Healthcare sector most targeted in India followed by education, research, govt and military sectors
TimesTech: Considering your diverse background in both the public and private sectors, including roles in a national intelligence agency, IBM Research, PwC, and a global mining company, how do you leverage these experiences to lead Cyfirma effectively?
Mr Ritesh: My diverse background in both the public and private sectors equips me with a unique set of skills and experiences that I leverage to lead CYFIRMA effectively. My experience in a national intelligence agency provides deep insights into the strategies and tactics employed by threat actors, including state-sponsored adversaries. This understanding allows me to shape CYFIRMA’s threat intelligence offerings to address emerging cyber threats effectively, including those with geopolitical implications.
Having worked at IBM, I bring a wealth of knowledge in technology and innovation to CYFIRMA. This enables me to understand the latest advancements in cybersecurity technologies and how they can be applied to enhance CYFIRMA’s solutions, ensuring that the company remains at the forefront of the industry.
My tenure at PwC has honed my skills in consulting and advisory, enabling me to provide strategic guidance to CYFIRMA’s clients. I understand the challenges faced by organizations across different sectors and geographies, allowing me to tailor CYFIRMA’s offerings to meet their specific needs and objectives.
Additionally, my global mining industry experience has provided me with valuable insights into managing complex business operations across diverse regions. I bring a pragmatic approach to leadership, focusing on driving growth, fostering innovation, and delivering value to CYFIRMA’s stakeholders. My ability to leverage experiences across different domains allows CYFIRMA to innovate, adapt, and thrive in an increasingly complex and dynamic cybersecurity landscape.
TimesTech: In what ways does Cyfirma differentiate itself from other cybersecurity firms in the industry, particularly in terms of its approach to threat intelligence and cybersecurity solutions?
Mr Ritesh: CYFIRMA has defined a new category in cybersecurity called ‘ETLM’ (external threat landscape management) and has developed the world’s first external threat landscape management platform called DeCYFIR. DeCYFIR arms governments and businesses with personalized intelligence where insights are tailored to their industry, geography and technology. DeCYFIR provides clients with multi-layered intelligence covering strategic, management and operational insights. DeCYFIR’s ability to combine cyber-intelligence with attack surface discovery, vulnerability intelligence, brand intelligence, situational awareness, digital risk protection and third-party risk monitoring on a single pane of glass sets it apart from the competition. Clients receive insights that enable them to conduct effective intelligence hunting and attribution, connecting the dots between hacker, motive, campaign and method to gain a comprehensive view of their threat landscape. With DeCYFIR, clients receive early warnings of impending cyberattacks so they can act quickly to avoid a breach. DeCYFIR is designed to meet the stringent demands of CISOs, CROs, and Security Operations teams.
Unlike other firms, CYFIRMA provides complete contextual intelligence covering strategic, management, and operational levels. This eliminates the need for multiple tools and enables seamless correlation and attribution of threats. CYFIRMA’s proprietary algorithms and probability models enable early detection of potential attacks, offering clients invaluable early warnings to mitigate risks effectively. CYFIRMA’s vulnerability management program offers an outside-in view, quickly identifying critical vulnerabilities and their connections to exploits, campaigns, and threat actors, providing actionable insights for remediation. CYFIRMA empowers organizations with proactive intelligence hunting capabilities, allowing them to uncover hidden threats and adversaries within their networks before they cause harm. CYFIRMA’s platform streamlines incident response processes, enabling organizations accelerated analysis and response to security incidents, minimizing damage and downtime. CYFIRMA connects the dots between cyber campaigns, threat actors, and attack methods, providing organizations with a comprehensive risk dossier to enhance their cybersecurity posture. CYFIRMA’s platform offers enhanced digital risk discovery, going beyond traditional products by providing comprehensive attack surface discovery and deep-level data analysis, enabling better risk assessment. CYFIRMA delivers personalized views of industry, technology, and geographical risks, reducing noise and false positives for clients and ensuring relevant and actionable intelligence.
Overall, CYFIRMA’s innovative approach and comprehensive solutions set it apart in the cybersecurity industry, empowering organizations to stay ahead of cyber threats and protect their digital assets effectively.