Latest news with #RecordedFuture

Korea Herald
29-04-2025
Recorded Future AI Passes the Malware Turing Test
Patent Pending Malware Intelligence uses AI-driven dynamic analysis, Auto YARA, and plain English search to outpace AI-weaponized malware in real time.

BOSTON, April 29, 2025 /PRNewswire/ -- The world's largest intelligence company, Recorded Future, today announced Malware Intelligence, which includes breakthrough, patent-pending capabilities that enable proactive threat prevention by automating the identification of emerging malware threats, accelerating threat hunting, and streamlining incident response. By connecting malware samples to threat actor infrastructure, attack patterns, and the global threat landscape, Malware Intelligence delivers real-time insights that empower security teams to stay ahead of fast-moving threats with greater speed, context, and precision.

As attackers rapidly weaponize AI and automation to modify malware at scale, traditional defenses are falling behind—over 70 ransomware variants emerged in late 2024 alone. Malware Intelligence counters this with AI-driven detection that identifies 1.5M+ unique malware samples daily and combines Auto YARA, plain English querying, and dynamic analysis to match or surpass expert-level human analysts—making it the first system of its kind to pass the Malware Turing Test. Powered by the Recorded Future Intelligence Graph and 15+ years of adversary data, it connects malware samples to threat actors, infrastructure, and vulnerabilities, automating detection and revealing how threats fit into broader campaigns.

"Malware is evolving at an unprecedented rate, with attackers leveraging automation and AI to create new variants faster than traditional security measures can keep up. Security teams need more than just isolated detection—they need intelligence that connects malware to its broader context. Malware Intelligence provides automated detection engineering, real-time malware tracking, and rapid response capabilities, ensuring defenders can stay ahead of emerging threats with speed and precision."
- Jamie Zajac, VP of Product at Recorded Future

Key capabilities of Malware Intelligence include:

"Recorded Future's Malware Intelligence has transformed the way we hunt threats. With natural language processing, we can search in plain English, easily map TTPs, with the option for analysts to build both broad and targeted queries, and identify adversaries using similar tactics. It helps us move beyond IOCs to gain a deeper understanding of threats—strengthening our defenses and streamlining threat hunting."
— Mark Paranto, Cyber Defense Senior Threat Hunter, SAP

Malware Intelligence is now available for purchase by all current and prospective Recorded Future customers. Visit booth S-926 at RSA Conference 2025 for a demo or learn more at

To dive deeper into Malware Intelligence and see it in action, join our live webinar on April 29 at 8 AM PST / 11 AM EST. Register here:

About Recorded Future

Recorded Future is the world's largest threat intelligence company. Recorded Future's Intelligence Cloud provides end-to-end intelligence across adversaries, infrastructure, and targets. Indexing the internet across the open web, dark web, and technical sources, Recorded Future provides real-time visibility into an expanding attack surface and threat landscape, empowering clients to act with speed and confidence to reduce risk and securely drive business forward. Headquartered in Boston with offices and employees around the world, Recorded Future works with over 1,900 businesses and government organizations across more than 80 countries to provide real-time, unbiased and actionable intelligence. Learn more at


Cision Canada
29-04-2025
Recorded Future AI Passes the Malware Turing Test
Patent Pending Malware Intelligence uses AI-driven dynamic analysis, Auto YARA, and plain English search to outpace AI-weaponized malware in real time.

BOSTON, April 29, 2025 /CNW/ -- The world's largest intelligence company, Recorded Future, today announced Malware Intelligence, which includes breakthrough, patent-pending capabilities that enable proactive threat prevention by automating the identification of emerging malware threats, accelerating threat hunting, and streamlining incident response. By connecting malware samples to threat actor infrastructure, attack patterns, and the global threat landscape, Malware Intelligence delivers real-time insights that empower security teams to stay ahead of fast-moving threats with greater speed, context, and precision.

As attackers rapidly weaponize AI and automation to modify malware at scale, traditional defenses are falling behind—over 70 ransomware variants emerged in late 2024 alone. Malware Intelligence counters this with AI-driven detection that identifies 1.5M+ unique malware samples daily and combines Auto YARA, plain English querying, and dynamic analysis to match or surpass expert-level human analysts—making it the first system of its kind to pass the Malware Turing Test. Powered by the Recorded Future Intelligence Graph and 15+ years of adversary data, it connects malware samples to threat actors, infrastructure, and vulnerabilities, automating detection and revealing how threats fit into broader campaigns.

"Malware is evolving at an unprecedented rate, with attackers leveraging automation and AI to create new variants faster than traditional security measures can keep up. Security teams need more than just isolated detection—they need intelligence that connects malware to its broader context. Malware Intelligence provides automated detection engineering, real-time malware tracking, and rapid response capabilities, ensuring defenders can stay ahead of emerging threats with speed and precision."
- Jamie Zajac, VP of Product at Recorded Future

Key capabilities of Malware Intelligence include:

- Real-time Threat Correlation – Correlates 1.5M+ unique malware samples daily using the Intelligence Graph to automate detection.
- AI-Generated Rule Automation (Auto YARA) – Eliminates manual rule development with AI-generated YARA rules tailored for evolving threats.
- Dynamic Analysis at Scale – Tracks and adapts to evolving malware behaviors, ensuring detection keeps pace with AI-weaponized threats and emerging TTPs.
- Plain English Querying – Allows any analyst to hunt and investigate malware without complex syntax, democratizing advanced detection.
- Accelerated Incident Response – Cuts threat identification time by 65% and alert triage time by 63%, enabling faster investigations and remediation.
- Seamless Security Integration – Operates across existing security controls to automate detection and response without disrupting workflows.

"Recorded Future's Malware Intelligence has transformed the way we hunt threats. With natural language processing, we can search in plain English, easily map TTPs, with the option for analysts to build both broad and targeted queries, and identify adversaries using similar tactics. It helps us move beyond IOCs to gain a deeper understanding of threats—strengthening our defenses and streamlining threat hunting."
— Mark Paranto, Cyber Defense Senior Threat Hunter, SAP

Malware Intelligence is now available for purchase by all current and prospective Recorded Future customers. Visit booth S-926 at RSA Conference 2025 for a demo or learn more at

To dive deeper into Malware Intelligence and see it in action, join our live webinar on April 29 at 8 AM PST / 11 AM EST. Register here:

About Recorded Future

Recorded Future is the world's largest threat intelligence company. Recorded Future's Intelligence Cloud provides end-to-end intelligence across adversaries, infrastructure, and targets. Indexing the internet across the open web, dark web, and technical sources, Recorded Future provides real-time visibility into an expanding attack surface and threat landscape, empowering clients to act with speed and confidence to reduce risk and securely drive business forward. Headquartered in Boston with offices and employees around the world, Recorded Future works with over 1,900 businesses and government organizations across more than 80 countries to provide real-time, unbiased and actionable intelligence. Learn more at


WIRED
14-04-2025
Black Basta: The Fallen Ransomware Gang That Lives On
Apr 14, 2025 6:00 AM

After a series of setbacks, the notorious Black Basta ransomware gang went underground. Researchers are bracing for its probable return in a new form.

The pecking order of ransomware gangs is always shifting and evolving, with the most aggressive and reckless groups netting big payouts from vulnerable targets—but often ultimately flaming out. Russian-speaking group Black Basta is the latest example of the trend, having stalled out in recent months due to takedowns by law enforcement and a damaging leak. But after some quiet weeks, researchers warn that, far from being dead and gone, the actors involved with Black Basta will reemerge in other cybercriminal groups—or potentially already have—to start the cycle once again.

Since appearing in April 2022, Black Basta has generated hundreds of millions of dollars in payments targeting an array of corporate victims in health care, critical infrastructure, and other high-stakes industries. The group uses double extortion to pressure targets into paying a ransom—stealing data and threatening to leak it while also encrypting a target's systems to hold them hostage. The US Cybersecurity and Infrastructure Security Agency warned last year that Black Basta had gone on a spree targeting more than 500 organizations in North America, Europe, and Australia.

A major international law enforcement takedown in 2023 of the 'Qakbot' botnet hindered Black Basta's operations, though. And, this February, a major leak of the group's internal data—including chat logs and operational information—rocked the group. Since then, it has gone dormant. Researchers warn, though, that the criminals behind Black Basta are already on the move and are almost certain to stage a resurgence.

'We haven't seen the leaders of Black Basta regroup, but they're going to continue to work, they're going to continue to operate,' says Allan Liska, a threat intelligence analyst focused on ransomware at the security firm Recorded Future. 'There's still too much money in it not to. And ransomware actors are creatures of habit just like anyone.'

The leak revealed details about Black Basta's malware and technical capabilities, its internal squabbles, and clues about the identity of the actors behind the group, particularly its main administrator. The exposed data was from what might be considered Black Basta's heyday, September 2023 to September 2024. During this period, the group didn't shy away from the possibility of causing harm with its breaches. A particularly aggressive attack last year on the St. Louis–based health care network Ascension, for example, reportedly caused disruptions in care, including rerouted ambulances.

Black Basta struggled to maintain its momentum, though, after the 2023 Qakbot takedown, known as Operation Duck Hunt.

'It was a huge blow to them, and they were trying to get back on their feet—use other botnets, work on a custom botnet, but that didn't really work, and ultimately their infection rate was declining,' says Yelisey Bohuslavskiy, chief research officer of the threat-intelligence firm RedSense. 'They had fewer targets and were getting into fewer networks. They were still dangerous, but there was this feeling that there was deterioration going on.'

Even in this decline, there was evidence that Black Basta was trying to mount a resurgence. In addition to exploring new malware, the gang started focusing on compromising targets through social engineering and influence campaigns, particularly spam email operations and tech support scams. But after the leak, Bohuslavskiy says, members began moving to other groups and have already been buoying their new gangs.

Like any industry, the Russian cybercriminal landscape is full of people who have worked together or competed against one another for years. Black Basta was able to establish itself so quickly because many of its members were involved with previous cybercriminal operations, including the longtime cybercriminal gang Conti. Conti is a well-known group because of another internal leak incident in 2022 that exposed its inner workings and ties to the Kremlin. After Conti's demise, researchers tracked its members as they dispersed and started new hacking groups, including Black Basta.

While Black Basta is not unique in its tactics and methods, researchers say that the group is noteworthy for its technical skills and depth of cybercriminal experience, which allowed it to push the envelope on the approaches a ransomware group can take.

'The people behind Black Basta have been in a lot of networks and have a lot of experience,' Recorded Future's Liska says. 'They aren't the most prolific group but I think they are one of the more dangerous groups because they are so skilled.'

February's leaks revealed, for example, that Black Basta developed a tool for automatically infiltrating network devices like routers that had easily-guessable passwords. Automating a tool to guess passwords is not a groundbreaking capability, but it is the type of project that many ransomware groups wouldn't think to take on themselves or have the capacity to develop in-house.

In a report last week analyzing the leaked Black Basta communications, researchers from the security firm Trustwave wrote, 'The messages show how members exhibit remarkable autonomy and creativity, adapting quickly to evolving security landscapes.'

The Black Basta leak is a cache of 200,000 messages and other data apparently taken from the group's Matrix chat server, by user 'ExploitWhispers.' The trove includes the text of the group's communications plus time stamps, sender and recipient details, and other metadata. The identity and motivation of 'ExploitWhispers' is unknown, but they claimed to have leaked the data because Black Basta had allegedly attacked Russian banks, violating the unwritten rule that cybercriminals can operate in Russia with impunity so long as they do not attack Russian organizations.

While the exposure that came with the leaks was a death knell for Black Basta as a group, it is more likely to be a setback than a permanent defeat for its members.

'We haven't seen the leaders of Black Basta regroup, but they're going to continue to work, they're going to continue to operate,' Recorded Future's Liska says. 'There's still too much money in it not to. And ransomware actors are creatures of habit just like anyone.'

RedSense's Bohuslavskiy adds that he has already seen signs of Black Basta members cropping up in other active gangs, including 'BlackSuit,' 'INC,' 'Lynx,' 'Cactus,' and 'Nokoyawa.'

'Now that Black Basta is done, a lot of the people have migrated, and there are a number of other ransomware groups that are getting infusions of Black Basta talent,' Bohuslavskiy says.


Globe and Mail
09-04-2025
Surge in Cyber Threats Accelerates Demand for Account Takeover Prevention in Banking Market – Industry Revenue is Set to Surge by $1.60 Billion by 2030

According to Arizton's latest research report, the account takeover prevention in banking market is growing at a CAGR of 9.01% during 2024-2030.

Report Scope:

- Market Size (2030): $1.60 Billion
- Market Size (2024): $935.98 Million
- CAGR (2024-2030): 9.01%
- Historic Year: 2021-2023
- Base Year: 2024
- Forecast Year: 2025-2030
- Market Segmentation: Service Type, Development Type, and Geography
- Geographical Analysis: North America, Europe, APAC, Latin America, and Middle East & Africa

Account Takeover (ATO) fraud is a major threat in online banking, where cybercriminals gain access through stolen credentials, phishing, or malware. To combat this, banks invest in advanced ATO prevention technologies while balancing security with user experience. Measures like Multi-Factor Authentication (MFA) and CAPTCHA reduce fraud but can create customer friction. AI-based behavioral authentication and risk-based security are employed to mitigate these challenges, while fintech platforms and digital wallets increase the attack surface. Banks use AI-powered fraud detection to monitor login habits, transaction patterns, and biometrics, with behavioral biometrics like keystroke dynamics helping identify fraudulent activities.

The ATO prevention market in banking is rapidly growing due to increased electronic transactions and more sophisticated hackers. Traditional password-based security is ineffective against phishing and credential stuffing, prompting banks to adopt FIDO2-based authentication, biometric methods, and passwordless solutions. Risk-based authentication (RBA) ensures minimal inconvenience for genuine users while blocking attackers. Dark web monitoring tools help detect compromised credentials, while liveness detection and AI-driven identity verification counter deepfakes and synthetic identities. Rising consumer awareness of cyber threats like ATO fraud, driven by data breaches and phishing attacks, is pushing banks to invest in advanced fraud prevention solutions that balance security and user experience.

Recent Vendor Activities

- On September 12, 2024, Mastercard announced an agreement to acquire global threat intelligence company Recorded Future from Insight Partners for $2.65 billion. This acquisition enhances Mastercard's cybersecurity capabilities, strengthening the insights and intelligence used to protect the digital economy, including the payments ecosystem and beyond.
- On December 4, 2023, Thales announced the successful completion of its acquisition of Imperva. This transaction is expected to create substantial value for Thales' shareholders.

Pre-Transaction Service Type Gaining Momentum

Pre-transaction prevention measures are essential for blocking ATO fraud before transactions occur, using technologies like MFA, RBA, identity verification, device fingerprinting, and PAM. ATO attacks have surged due to data breaches and credential stuffing, with cybercriminals using stolen credentials from the dark web to target accounts. Banks are adopting AI-powered solutions like MFA, behavioral biometrics, and RBA to thwart automated bot-based attacks and ensure secure login. Cloud-based fraud detection allows real-time monitoring of transactions. Regulatory frameworks such as PSD2, CCPA, and FFIEC require strong customer authentication, driving demand for AI-driven identity verification and biometric authentication in the banking sector.

Competitive Landscape and Future Trends in ATO Prevention for Banking

The ATO prevention market in banking is highly competitive, with vendors differentiating themselves through technological innovation, comprehensive offerings, and strategic partnerships. Established cybersecurity companies dominate the market, making it challenging for new entrants to stand out. Banks prefer long-term relationships with reputable suppliers, further hindering new competitors. The market is also at risk from low-cost, low-quality security solutions that fail to provide adequate fraud detection. Moving forward, the future of ATO prevention will focus on security-driven, friction-reducing, and accurate fraud detection technologies. This includes the shift away from passwords and OTPs toward behavioral biometrics, AI/ML, and frictionless authentication methods.

Key Vendors

- Datavisor
- Entrust
- Experian
- Kount
- LexisNexis Risk Solutions
- Ping Identity
- Accertify
- Arkose Labs
- BioCatch
- Bureau
- Combate a Fraude (Caf)
- Callsign
- Entersekt
- Feedzai
- Human
- Imperva
- Mastercard
- Outseer
- Prove Identity
- Socure
- SpyCloud
- Telesign
- Transmit Security
- TransUnion

Segmentation & Forecasts

- Service Type: Pre-Transaction, During-Transaction, Post-Transaction
- Deployment Type: Cloud-Based, On-Premise
- Geography:
  - North America: US, Canada
  - Europe: UK, Germany, France, Italy
  - APAC: China, India, Australia, Japan
  - Latin America: Brazil, Mexico
  - Middle East & Africa: Turkey, Saudi Arabia

The Arizton Advisory & Intelligence market research report provides valuable market insights for industry stakeholders, investors, researchers, consultants, and business strategists aiming to gain a thorough understanding of the ATO prevention in banking market. Request for Free Sample to get a glance of the report now:

What Key Findings Will Our Research Analysis Reveal?

- What is the expected growth of the global ATO prevention in banking market?
- What is the growth rate of the global ATO prevention in banking market?
- What are the factors driving global ATO prevention in banking market growth?
- Which region will have the highest CAGR in the global ATO prevention in banking market?
- Who are the major players in the global ATO prevention in banking market?
- Generative AI in Software Development Market - Global Outlook & Forecast 2025 - 2030
- Financial Wellness Benefits Market in the United States - Research Report 2020-2029

Why Arizton?

- 100% Customer Satisfaction
- 24x7 availability – we are always there when you need us
- 200+ Fortune 500 Companies trust Arizton's report
- 80% of our reports are exclusive and first in the industry
- 100% more data and analysis
- 1500+ reports published till date

Post-Purchase Benefit

- 1hr of free analyst discussion
- 10% off on customization

About Us:

Arizton Advisory and Intelligence is an innovative and quality-driven firm that offers cutting-edge research solutions to clients worldwide. We excel in providing comprehensive market intelligence reports and advisory and consulting services.

We offer comprehensive market research reports on consumer goods & retail technology, automotive and mobility, smart tech, healthcare, life sciences, industrial machinery, chemicals, materials, I.T. and media, logistics, and packaging. These reports contain detailed industry analysis, market size, share, growth drivers, and trend forecasts.

Arizton comprises a team of exuberant and well-experienced analysts who have mastered generating incisive reports. Our specialist analysts possess exemplary skills in market research. We train our team in advanced research practices, techniques, and ethics to outperform in fabricating impregnable research reports.


Axios
08-04-2025
Tariffs could jumpstart Beijing's global spying efforts, executive warns
Escalating U.S.-China trade tensions are likely to fuel a surge in Beijing-backed cyber espionage, a top security executive warns.

Why it matters: U.S. companies and government agencies were already grappling with an unprecedented wave of hacking activity linked to the Chinese government. New tariff threats could intensify that pressure.

Driving the news: President Trump threatened on Monday to impose an additional 50% tariff on Chinese goods starting Friday. The warning followed Beijing's move to implement its own 34% retaliatory tariff. "All talks with China concerning their requested meetings with us will be terminated until such time as the tariffs are removed," Trump said.

Threat level: The escalation gives Chinese operatives a stronger incentive to gather intelligence from U.S. politicians and global companies about how seriously to take the tariff threats, Levi Gundert, chief security and intelligence officer at Recorded Future, told Axios. "There will be a premium put on very timely information that helps them navigate this new era," he said. The volume of China-backed espionage targeting U.S. entities is already at record levels. Gundert said Beijing will likely also intensify efforts against governments and companies in other countries that are also negotiating new tariff deals with Trump.

Between the lines: Spying on sensitive political and economic discussions has long been a core objective of Chinese cyber operations. Gaining insights into tariff talks would fall squarely within Beijing's typical spying domains, Gundert said.