Say Goodbye to Website Malware with Quttera ThreatSign Antimalware

What was your vision when founding Quttera?

It all started with a team of enthusiasts. We were interested in information security and viruses. It was back in the days (it now sounds like pre-history) when desktop anti-virus solutions were the dominant front for fighting hacker attacks on personal computers and networks. The solution was based on signatures, whose underlying problem (which cannot be completely resolved) are zero-day attacks. This boils down to new infections which no signature can detect; and no other information is available to create a detection method. So, we predominantly addressed this issue as an academic problem and began researching possible approaches towards finding an alternative solution. Simply put, the challenge was how to determine whether a plain snippet of code is part of a malicious action or chain, and determine its level of suspiciousness. I started to look for recognition methods in various fields and explored numerous ideas and mathematical algorithms which could help define an approach towards a concrete solution.

To make a long story short, we came up with a software which analyzes the code using heuristics as a foundation, backed by behavioral and statistical methods, which assign the appropriate threat severity to the pieces of code. To test it, we created arbitrary vulnerability exploits using the available frameworks and heavily obfuscating them before applying our scanning engine. It helped us fine-tune the algorithms further and build the proper methodology for configuring the engine, depending on the targeted technology. This made the engine generic and flexible to create any applicative solution on top of it.

We filed for a patent and were ready to perform large-scale field testing, precisely at a moment in time when the internet had become a primary vehicle for cyber-attacks. We decided to build an application powered by our engine, allowing it to scan websites via simple HTTP requests and creating reports with detailed break-down of file-by-file analysis. Very fast, it became one of the famous and free resources for running remote security scanning of websites. In 2013, our scanner was included in VirusTotal (now a subsidiary of Google) to improve the detection rate of suspicious scripts, malicious media and any other security threat hidden into legitimate content located on websites.

With the boost of website click solutions and the rise of Content Management Systems (CMS), the attacks on the website became automated and impacted many websites, sharing similar security vulnerability. Hence, we decided to create a security plugin for one of the most popular CMS in the market – WordPress. We enhanced the plugin with more security features, such as server-side scan and advanced reporting features, and we are continuously updating it as our engine evolves. At the end of 2015, we decided to open Quttera Ltd., which focuses on developing new tools & services to detect, remove and protect web assets from known and unknown malware.

On the B2C vector, we started offering our cybersecurity platform as Security and as a Service (SECaaS) solution that we called ThreatSign Website Antimalware to help companies quickly establish efficient cybersecurity risk management, and to ensure that hacking does not disrupt the business. On the B2B vector we offer access to our Threat Intelligence center through the data feed, we also provide REST API to run the scan and query the database. Partners who use our technology in their malware solution include: web hosting companies, cloud providers, security vendors, web agencies, registrars, managed services providers (MSPs) and others. We are a team of 3 founders, and I serve as both a board director and a CTO.

What’s unique about the Quttera solution?

According to our research, the industry offers nothing like Quttera’s heuristic based engine. The core engine is one of the few (approx. 5 - 6 officially publicized) engines in the market. We chose a different approach, based on the premise we didn't know anything about the code. So, we sought to find a way to score it for identifying threat signs. It could be called the 'voice recognition' of malware. It may sound easy, but the reality is that the mathematical algorithms behind are highly sophisticated. Our innovation consists in a multi-layered, heuristic technology which can work without signatures and can be integrated into any system; this is what makes it unique. Other engines are either dependent on traditional signatures or have few behavioral or heuristic additions. We invest profusely on the Artificial Intelligence layer. Our solution and our technology are equipped with self-learning mechanisms to improve the detection precision and minimize false-positives. We developed this technology with the flexibility of a by-design approach. Meaning that the heuristic core allows any applicative implementation to be added on top of it (wrap), thus benefitting from the power of Quttera. It can be used to help any vector of Information Security: IoT, Security Frameworks, Telecom, Website Scanners, Cloud Hosting, Vulnerability Scanners, etc.

In terms of malware removal, our internally developed tools enable an increased capacity to cleanse websites of malware and viruses in large quantities. These tools operate in both automated and semi-automated modes, thereby reducing the need for human intervention.

Our Threat Intelligence database is continuously updated from Quttera scanners that crawl internet and process millions of URLs monthly and dissect the code to update the detection mechanisms (self-learning) and the domain's security status.

What kind of attacks do you encounter most frequently? 

Most of the attacks are, of course, automated and are part of hacking campaigns, ranging from Black SEO/SPAM poisoning campaigns, equipped with self-recovering bots that infect thousands of the unique IP addresses, to campaigns that target certain vulnerable themes or plugins of one of the popular CMSs, like WordPress, Joomla, Drupal, etc.

We can affirm that the new trend for the past year has been the crypto mining hacking. Those campaigns were huge and had gone so far as to use popular code repositories, like GitHub to create free accounts to commit the obfuscated code and use it later in the injection. Hence, a significant part of the cleanup requests that we handled in 2017 and early 2018 were due to Crypto jacking. The bitcoin mining popularity was a trigger with the motivation to use victims’ resources to mine cryptocurrency. Of course, the traditional methods that cybercriminals use are still there and will remain, such as Ransomware, Phishing, Defacements, Cross-site scripting (XSS), SQL injection and others.

You recently wrote in your blog that Malicious SEO Spam is making a comeback. Can you explain?

As I mentioned earlier, there were big campaigns of Black SEO/SPAM during the last couple of years, but the tendency seems to be in decline. However, we noticed some pick in such campaigns (mostly the pharma hack oriented) and decided to share this with our blog readers to help locate these infections to prevent damages caused to businesses and their ranking.

In your opinion, what current trends can we expect to see in the way businesses handle their digital assets? 

We shared our thoughts on the matter in other posts on website security on small and medium-sized businesses. No matter the size of your business, it is a valuable target for hackers. Whether as part of massive scale attack or a dedicated attack, cybercriminals make a profit by using your web assets in their illegal actions. Cybersecurity is no longer a fancy threat you can ignore. Proper cybersecurity risk management is becoming critical for any business that strives to succeed and secure its online presence. Especially with the EU's new General Data Protection Regulation (GDPR) which went into effect this last May 2018 and its effect on security policies. Under the GDPR, depending on specific factors, businesses that do not utilize security measures to protect their customers’ data may face severe legal consequences and financial penalties. We can expect more businesses to choose SECaaS as their website security solutions. Such solutions must offer critical defenses, such as incident response handling, scheduled malware scanning of assets for Web Application Firewall (WAF) provisioning and other vital safeguards to manage the ever-growing cybersecurity risks properly and adapt to the continuously evolving threat landscape.