How CodeHunter authorizes, blocks, and contains code before it executes. Practitioner and SOC-facing content covering deterministic verdicts, triage automation, and EDR augmentation.

Malware-as-a-Service: A Top Threat to Organizations in 2024

What is Malware-as-a-Service?

Malware-as-a-service (MaaS) poses a serious threat to enterprise organizations. MaaS works much like any other software-as-a-service you may be familiar with, and in some cases even comes with technical support. Skilled developers build complex malware platforms that even the most novice cybercriminal can purchase and use to launch sophisticated attacks against individuals and businesses. Malware-as-a-service democratizes cybercrime: it gives any run-of-the-mill criminal the capabilities of an experienced operator, raising the average strength and sophistication of malware attacks.

Elevating Malware Signature Creation to New Heights

In cybersecurity, malware signatures, composed of specific byte patterns, file attributes, code sequences, and other characteristics, play a crucial role in identifying and flagging malicious software. These signatures enable security tools like Windows Defender, Malwarebytes, and Sophos to spot known threats within computer files and network data.


Unknown Code, Known Behavior: Pre-Execution Defense Against Zero-Day Threats 

Zero-day attacks are, by definition, the threats nobody saw coming. No patch exists. No signature has been written. No prior incident has made it into a threat database. And yet the code is already out there, already capable of causing damage, already moving toward systems that have no specific defense prepared for it.

The cybersecurity industry has spent decades building tools designed to recognize what they have already seen. Zero-day threats are specifically designed to be something those tools have never seen before, and that tension is not going to resolve in favor of signature-based detection. The volume of novel threats is growing too fast, and AI has made generating new variants easier than ever.

The question is not how to get better at recognizing zero-day code. The question is how to evaluate what code will do regardless of whether it has ever been seen before.

The Cost of Unknown Threats

The financial case for addressing unknown threats is not abstract. The WannaCry outbreak in 2017 caused an estimated $4 billion in damages globally; its EternalBlue exploit targeted an SMB vulnerability Microsoft had patched two months earlier, but the worm reached unpatched systems before any defender had a signature for it. The SolarWinds supply chain compromise disclosed in 2020 delivered a trojanized, validly signed update to roughly 18,000 organizations and cost billions more; no unpatched bug was needed, because the code arrived through a trusted update channel that no signature covered. The pattern is the same in each case: code executes before anyone understands what it can do, and by the time the behavioral impact surfaces, the window to prevent it has long since closed.

The AI Acceleration Problem

A 2024 study from the University of Illinois Urbana-Champaign put the problem into sharper focus. Researchers gave a GPT-4 agent a benchmark of 15 real, already-disclosed (one-day) vulnerabilities along with their CVE descriptions, and the model successfully exploited 87% of them autonomously. The open-source vulnerability scanners tested alongside it exploited none, and without the CVE description GPT-4's own success rate fell to 7%.

GPT-3.5 and every open-source model tested achieved a 0% success rate on the same task. That jump, from 0% to 87% in a single model generation, tells you something important about where this is heading. The study concerned disclosed bugs rather than true zero-days, but the lesson transfers: as models grow more capable and more accessible, the time between disclosure and working exploit collapses, and the pool of people who can weaponize a new vulnerability is no longer limited to experts. The democratization of exploitation is not a future risk. It is an accelerating present one.

Why Signature-Based Detection Cannot Solve a Novelty Problem

Signature-based detection is a catalog of the past. Zero-day code has no entry in that catalog. Polymorphic and metamorphic code compounds the problem further by generating variants that look structurally different with every iteration while performing the same underlying functions. Writing signatures fast enough to keep pace with AI-generated novelty is not a strategy that scales, and it never will be.

Behavioral Capability Analysis: Prior Knowledge Not Required

Pre-execution behavioral capability analysis does not compare artifacts against a library of known threats. It deconstructs the artifact itself, examining its programmatic structure to determine what it is capable of doing. A zero-day payload that has never been catalogued still has to call into the operating system. It either opens network connections or does not, either attempts privilege escalation or does not, either writes into other processes or does not. Those capabilities are properties of the artifact, present regardless of whether anyone has ever seen it before.

Surfacing those characteristics before execution is authorized is the only defense model that is not structurally defeated by novelty. The verdict is not based on resemblance to something previously seen. It is a deterministic Allow, Block, Contain, or Escalate decision, issued before the code ever runs, backed by forensic evidence, and mapped to MITRE ATT&CK.
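A minimal sketch of that model, as an added example rather than CodeHunter's own code: it recovers Win32 import names from an artifact's bytes, maps them to capabilities and ATT&CK technique IDs through a small, hypothetical catalog, and issues a deterministic Allow / Block / Contain / Escalate verdict under a hypothetical policy. The sample "artifacts" are constructed byte strings standing in for the import name table of an unpacked binary; the second loader variant exists to show that rewriting bytes changes the hash (defeating a signature) without changing the verdict.

```python
"""Capability-based pre-execution triage: added example, not CodeHunter code."""
from __future__ import annotations

import hashlib
import re
from collections import defaultdict

# Win32 API name -> (capability, ATT&CK technique). Illustrative subset chosen
# for this example; a production catalog covers thousands of APIs and syscalls.
API_CAPABILITIES = {
    "VirtualAllocEx":        ("process_injection",    "T1055"),
    "WriteProcessMemory":    ("process_injection",    "T1055"),
    "CreateRemoteThread":    ("process_injection",    "T1055"),
    "InternetOpenUrlA":      ("network_c2",           "T1071.001"),
    "WinHttpSendRequest":    ("network_c2",           "T1071.001"),
    "AdjustTokenPrivileges": ("privilege_escalation", "T1134"),
    "RegSetValueExA":        ("persistence",          "T1547.001"),
    "CryptEncrypt":          ("data_encryption",      "T1486"),
    "FindFirstFileW":        ("file_discovery",       "T1083"),
    "IsDebuggerPresent":     ("anti_analysis",        "T1622"),
}


def extract_capabilities(artifact: bytes) -> dict[str, set[str]]:
    """Return {capability: {ATT&CK ids}} recoverable from the artifact's bytes.

    An unpacked PE stores imported API names as NUL-terminated ASCII in its
    import name table, so a printable-string scan is enough to recover them
    here. Packed or obfuscated samples hide the table and need unpacking or
    emulation first; that deeper structural work is what a real engine does,
    and this scan stands in for it.
    """
    found: dict[str, set[str]] = defaultdict(set)
    for match in re.finditer(rb"[\x20-\x7e]{4,}", artifact):
        name = match.group().decode("ascii")
        if name in API_CAPABILITIES:
            capability, technique = API_CAPABILITIES[name]
            found[capability].add(technique)
    return dict(found)


def verdict(capabilities: dict[str, set[str]]) -> str:
    """Deterministic Allow / Block / Contain / Escalate from capability combinations.

    The policy is hypothetical. The property worth noticing is that the same
    capability set always yields the same verdict, and nothing here consults
    a hash, a signature, or any memory of previously seen samples.
    """
    present = set(capabilities)
    # Injection plus outbound C2 is a loader profile; encryption plus file
    # discovery is a ransomware profile. Neither has a benign reading.
    if {"process_injection", "network_c2"} <= present:
        return "Block"
    if {"data_encryption", "file_discovery"} <= present:
        return "Block"
    # Debugger/sandbox evasion with nothing else conclusive: an analyst decides.
    if "anti_analysis" in present:
        return "Escalate"
    # Reaches out, persists or elevates, but shows no destructive pairing:
    # run it isolated and watch.
    if present & {"network_c2", "persistence", "privilege_escalation"}:
        return "Contain"
    return "Allow"


def analyze(artifact: bytes) -> tuple[str, str, dict[str, set[str]]]:
    """Verdict, content hash and capability evidence for one artifact."""
    capabilities = extract_capabilities(artifact)
    digest = hashlib.sha256(artifact).hexdigest()
    return verdict(capabilities), digest, capabilities


# Constructed inputs: not real binaries, just the slice of an import name table
# a hypothetical loader would carry, plus a "polymorphic" variant with its
# padding rewritten so that every hash-based signature misses it.
LOADER_V1 = b"MZ\x90\x00" + b"\x00".join(
    [b"KERNEL32.dll", b"VirtualAllocEx", b"WriteProcessMemory",
     b"CreateRemoteThread", b"WININET.dll", b"InternetOpenUrlA"]
) + b"\x00" * 16
LOADER_V2 = LOADER_V1.replace(b"\x00" * 16, b"\x90" * 16)
BENIGN = b"MZ\x90\x00" + b"\x00".join([b"KERNEL32.dll", b"GetStdHandle", b"WriteConsoleW"])

if __name__ == "__main__":
    for label, blob in (("loader v1", LOADER_V1), ("loader v2", LOADER_V2), ("benign", BENIGN)):
        decision, digest, evidence = analyze(blob)
        techniques = sorted(t for ids in evidence.values() for t in ids)
        print(f"{label:9}  sha256={digest[:16]}  verdict={decision:8}  attack={techniques}")
```

Running it prints three lines: the two loader variants carry different SHA-256 digests but the same Block verdict backed by the same T1055 and T1071.001 evidence, while the benign stub is allowed. The policy thresholds are where a real deployment's judgment lives; the structure (capabilities in, deterministic verdict and ATT&CK evidence out, no lookup of prior sightings) is the part the paragraph above describes.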

Zero Trust for Code is that control. Every artifact is untrusted by default, and trust is earned through behavioral verification. Find out how CodeHunter brings pre-execution defense to your security stack.

If We Really Cared About the Cybersecurity Talent Shortage…

…We Wouldn’t Make Cybersecurity Jobs So Hard To Fill

The cybersecurity industry is booming with job openings, but organizations don’t have the talent to fill them. Over a third of the 1.8 million cybersecurity jobs in the U.S. go unfilled for lack of skills and expertise, a talent gap that could fill Yankee Stadium thirteen times over. (That’s 18 times the number of seats in Fenway Park for you Red Sox fans.)

Meanwhile, cyberattacks keep increasing in frequency and sophistication. By 2023, the number of global malware attacks is projected to reach over 1.4 billion — and that’s just known malware. It’s impossible to predict the real impact of new threats in the years to come.

With such an overwhelming demand for talent and innovation, you would assume that the path to employment would be streamlined. But that’s far from the reality.

The cybersecurity industry is difficult to break into, workers report high levels of burnout, and too few employers offer room for career advancement. Without industry-wide solutions to bridge the talent gap, cybersecurity teams won’t keep up with rapidly evolving threats.

Barriers to Entry

Most cybersecurity positions require at least a bachelor’s degree and three or more years of experience. That includes entry-level positions. Meanwhile, computer science has one of the highest dropout rates in higher education, meaning fewer potential candidates are heading into IT in the first place, let alone cybersecurity.

Assuming a potential new hire has graduated with a bachelor’s degree in computer science — and even with a cybersecurity certificate or two — landing a cybersecurity job worth the effort is a difficult task. Breaking into the cybersecurity field is often unclear, and navigating a cybersecurity career path can be just as confusing.

Cybersecurity is constantly changing and evolving to face the latest threats and meet new and stricter standards. That means the learning curve gets steeper and more complex with time. It’s harder for every fresh wave of college grads to gain a foothold. And when they do, the workload is heavy and demanding, with too few rewards to keep skilled workers around for the long haul.

Overwork and Burnout

The people who do manage to break into the industry often find that it’s a far more demanding job than they might have anticipated. Notorious for overwork and burnout, cybersecurity jobs are not for the faint of heart. Cybersecurity professionals are often ignored when things go right and villainized when things go wrong.

CodeHunter CEO Larry Roshfeld applies this exhausting thought to the cybersecurity industry as a whole: “The thing about being responsible for cybersecurity is that we know we can’t win; the best we can ever hope for is not to lose.”

The fatigue that comes with this line of work shows in the numbers. Over half of surveyed IT security professionals said they, or someone they worked with, had left a job because of overwork and burnout. Additionally, 60% of employers report difficulties retaining qualified cybersecurity professionals.

These obstacles have created a skills gap that’s become increasingly difficult — and increasingly urgent — to overcome. If there aren’t enough opportunities for new hires to learn and grow, the current generation of cybersecurity professionals won’t have anyone to pass the baton to.

We Need a Culture Shift

Employers must balance expectations, workers’ well-being, and industry demands from multiple angles. To lead the way, the cybersecurity community can do the following:

  • Promote cybersecurity training in local colleges offering computer science programs.
  • Provide internships that offer meaningful experience in the cybersecurity field and help prospective cybersecurity professionals get ahead as quickly as possible.
  • Hire for top talent potential (as opposed to current skill levels), and provide the support and training to reach that potential.
  • Upskill and reskill current employees and promote from within while regularly freeing up entry-level positions.
  • Train all employees on cybersecurity best practices, compliance, and managing risk factors on a routine basis throughout the organization to share the burden of responsibility.
  • Look for exceptional soft skills in addition to tech skills — especially in management positions. Over half of ISACA’s survey respondents report a significant gap in soft skills in the cybersecurity industry.
  • Offer flexibility with scheduling and consider what employees need for a healthy work-life balance. This helps prevent burnout and attracts new talent.
  • Foster diversity. Employers who create a welcoming environment for everyone are recruiting from a larger talent pool, and are at less risk of high turnover.
  • Market the critical mission of cybersecurity: we make a difference by protecting people and organizations from cyber threats, big and small. The work is constantly evolving — and never dull.

Unfortunately, We Don’t Have That Kind of Time

While all of the above would set up the cybersecurity industry for a brighter and more robust future, none of those things will make a difference overnight — and we still need viable solutions now.

Even if we could hire armies of well-trained cybersecurity professionals, we would still be outnumbered by constantly evolving threats and increasingly sophisticated cyberattacks. We need solutions that help workers efficiently face threats at scale — and we needed them yesterday.

CodeHunter helps bridge the talent (and numbers) gap in cybersecurity with automated threat detection and analysis. It rapidly identifies threats that would otherwise go undiscovered, shortening time to discovery and saving organizations resources and analyst hours.

Learn more about the scale of the issue and how CodeHunter can help tackle it.

Or check out these other resources to learn more about how CodeHunter combats the rising threat of malware:

  • CodeHunter Enterprise is currently available. See how your organization’s needs align with CodeHunter’s advanced capabilities.
  • Learn all about advanced malware and why it’s one of cybersecurity’s greatest threats.
  • Understand how CodeHunter automates threat detection and analysis to make threat discovery and prevention accessible to cybersecurity teams of all experience levels.