The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced “Malware Next-Gen,” a new service for malware analysis open to all U.S. organizations, businesses, and security-conscious citizens. Interested participants can submit malware directly to CISA for further analysis. The news comes as CISA seeks to strengthen U.S. critical infrastructure amidst increased nation-state hacking campaigns from China.
The malware analysis platform was initially targeted to support U.S. federal, state, local, tribal, and territorial organizations. However, the agency pivoted to widen submission and analysis to all U.S. entities and persons to better protect U.S. cybersecurity.
“Malware Next-Gen allows CISA to more effectively support our partners by automating the analysis of newly identified malware and enhancing the cyber defense efforts,” the agency said.
CISA Malware Analysis aims to protect U.S. critical infrastructure
CISA Executive Assistant Director for Cybersecurity Eric Goldstein said, “Our new automated system enables CISA’s cybersecurity threat hunting analysts to better analyze, correlate, enrich data, and share cyber threat insights with partners. It facilitates and supports rapid and effective response to evolving cyber threats, ultimately safeguarding critical systems and infrastructure.”
The public sector has already significantly benefited from Malware Next-Gen.
According to the announcement, nearly 400 users have submitted over 1,600 files. This has identified approximately 200 suspicious or malicious files and URLs.
If you think opening the tool up to public access could introduce (ironically) a vulnerability, CISA is limiting actual threat intelligence sharing based on public submissions.
“While members of the public may submit a malware sample; only authorized, registered users are able to receive analytical results from submissions,” the announcement states.
It’s assumed some sort of curation of the malware analysis samples will occur before being shared with the public, private, and the general public.
How to submit malware samples
Submissions to the analysis platform will require a registered account with Login.gov if a detailed malware analysis report is expected.
Otherwise, CISA will accept anonymous malware sample submissions by using this portal submission form. Results will not be shared back to the submitter, since the submission is anonymous.
We’ll report more on this as it develops.
