Log in
E-mail
Password
Show password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Settings
Settings
Dynamic quotes 
OFFON
  1. Homepage
  2. Equities
  3. United States
  4. Nyse
  5. IronNet, Inc.
  6. News
  7. Summary
    IRNT   US46323Q1058

IRONNET, INC.

(IRNT)
  Report
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector news

IronNet : February Threat Intelligence Brief

02/09/2022 | 05:39pm EST
share with twitter
share with LinkedIn
share with facebook
Feb 9, 2022

In mid-January there were multiple attacks on the Ukrainian government website. Several webpages were wiped and defaced stating that Ukrainian, Russian, and Polish personal data was leaked. Microsoft observed destructive malware activity tracked as DEV-0586 used in intrusion attacks against the Ukrainian government agencies. There has not been any association between DEV-0586 and any other known threat actor groups.

At IronNet, we look to behavioral analytics to detect unknown threats on enterprise networks before adversaries succeed at their end-game: exploitation or exfiltration. First, we do the threat detection groundwork needed to spot abnormal network activity across our customers' networks. Second, our IronDefense NDR expert system scores these alerts, prioritizing the most interesting events to help cut down on alert fatigue. Finally, we take a Collective Defenseapproach to crowdsourced threat sharing in real time.

The February IronNet Threat Intelligence Brief

This ability to analyze and correlate seemingly unrelated instances is critical for identifying sophisticated attackers who leverage varying infrastructures to hide their activity from existing cyber defenses. As reported in the February Threat Intelligence Brief, our analysts review alerts from millions of data flows that are ingested and processed with big data analytics. We apply ratings to the alerts (benign/suspicious/malicious) and immediately share them with IronDome Collective Defenseparticipants.

Here is a snapshot of what we discovered across the IronDome communities in January, showing 827 correlated alerts across IronDome participant environments:

Given the unique cross-sector visibility and Collective Defense capabilities of IronDome, we are able to highlight the most frequent behaviors each month, in turn enabling us to track trends over time. For January, the most frequent behavior analytics were External Scanning (477), C2 Rendevous (DGA) (185), and New and Suspicious Domains (142).

Analysis of IOCs

In addition to correlated alerts, significant IronDome community findings revealed 552 Indicators of Compromise (IoC) that may pose risk to IronDome participant environments. For example, we analyzed the malicious domain best-lucky-man[.]xyz, known for hosting process injection malware detected by ESET and VirusTotal.

All the IoCs we analyzed are used to trigger alerts that are mapped to the Cyber Kill Chain to identify the stage and progression of the threat. They can be used to create detection rules for network, endpoint, or other security tools currently deployed to mitigate cyber risk in each IronDome participant's environment.

See the February Threat Intelligence Brief for the full list of recent IoCs.

The bigger picture of Collective Defense

Every month, IronNet's expert threat analysts create threat intelligence rules (TIRs) based on significant community findings from IronDome, malware analysis, threat research, or other methods to ensure timely detection of malicious behavior targeting an enterprise or other IronDome community participants.

In January, we created 3,521 threat intel rules of our 293,909 created to date. Some examples of this month's research related to indicators associated with malware delivery domains for Gafgyt, Setag, Tsunami, Typosquat, ClipBanker, and Perseus malware.

This combination of behavior-driven and IoC signature-based detection, alert ranking, and sharing ensures IronDome participants have the broadest view of threats facing their enterprise.

Ukrainian government website attack

As I mentioned, multiple Ukrainian government websites were targeted and personal data was leaked. The Secret Service of Ukraine (SSU) reported this was the result supply chain attack that allowed the threat actors to to access a company called Kitsoft. Kitsoft manages websites for the Ukrainian government websites impacted by the attack included the Ukrainian Ministry of Foreign Affairs, Ministry of Education and Science, Ministry of Defense, the State Emergency Service, the website for the Cabinet of Ministers, and others. It's reported that reported threat actors tried to compromise 70 websites but only reached 10.

On January 13, Microsoft observed destructive malware being used in intrusion attacks against numerous Ukrainian government agencies and associated organizations. While it appears the malware was designed to look like ransomware, its lack of ransom recovery indicates that its purpose was to render the system inoperable.

The two-stage malware first overwrites the Master Boot Records and leaves a ransomware note containing a Bitcoin wallet and ToxID. The second stage executes when the compromised device is powered down. This activity is known as DEV-0586. Lastly, given the timing of the wiper malware deployment and the fact the messages on the website said data had been stolen and deleted, there is some speculation that the website defacements and wiper malware attacks were intended to have been better coordinated.

You can see the latest industry news in the full brief or check out IronNet's threat intelligence hub.

About Ironnet
Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet Cybersecurity is a global cybersecurity leader that is revolutionizing how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing an extraordinarily high percentage of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today. Follow IronNet on Twitter and LinkedIn.

Disclaimer

IronNet Inc. published this content on 09 February 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 09 February 2022 22:38:12 UTC.


© Publicnow 2022
All news about IRONNET, INC.
05:03pIronNet Announces Agreement with a Gulf Cooperation Council Country to Provide Collecti..
BU
02/03IRONNET : The need for behavior-based detection as attackers adopt uncommon coding languag..
PU
01/28IRONNET : GDPR regulators crack down on data processing as companies struggle with privacy..
PU
01/27Major Texas-based Bank Bolsters Cybersecurity Posture with Addition of IronNet Collecti..
BU
01/20IronNet Combats Growing Cyber Attacks Against Education Sector
BU
01/20Ironnet, Inc. Combats Growing Cyber Attacks Against Education Sector
CI
01/14IRONNET : collaborates with New York Power Authority to defend key supply chain partners
PU
01/14IRONNET : Learn How IronNet and AWS Helped a State Power Authority Prevent Cyberattacks at..
PU
01/13IronNet to Provide Cybersecurity Technology to New York Power Authority
MT
01/13IronNet and New York Power Authority (NYPA) Expand Partnership to Defend Key Supply Cha..
BU
More news
Analyst Recommendations on IRONNET, INC.
More recommendations
Financials (USD)
Sales 2022 26,2 M - -
Net income 2022 -243 M - -
Net cash 2022 57,2 M - -
P/E ratio 2022 -1,07x
Yield 2022 -
Capitalization 296 M 296 M -
EV / Sales 2022 9,14x
EV / Sales 2023 5,92x
Nbr of Employees 296
Free-Float -
Chart IRONNET, INC.
Duration : Period :
IronNet, Inc. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends IRONNET, INC.
Short TermMid-TermLong Term
TrendsNeutralBearishBearish
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus HOLD
Number of Analysts 4
Last Close Price 3,44 $
Average target price 5,13 $
Spread / Average Target 49,0%
EPS Revisions
Managers and Directors
Keith Brian Alexander Chairman, President & Co-Chief Executive Officer
William E. Welch Co-Chief Executive Officer & Director
James C. Gerber Chief Financial Officer
Donald R. Dixon Independent Director
John Michael McConnell Independent Director
Sector and Competitors
1st jan.Capi. (M$)
IRONNET, INC.-18.10%290
MCAFEE CORP.0.35%4 822
KNOWBE4, INC.5.58%4 150
DARKTRACE PLC-10.61%3 267
TELOS CORPORATION-31.52%705
COGNYTE SOFTWARE LTD.-34.91%684