Stop blaming people.
Protect them.
ChatGPT and other generative AI tools threaten to tip the scale in attackers’ favor by making attacks more fluent, plausible and convincing, while deploying them at an unprecedented scale.
Training your employees to correctly identify and report every phishing email is not effective. Worse, it makes your people feel responsible for being fooled by sophisticated attacks. Today, nearly 30% of phishing emails are still opened, despite decades of user training and email filtering platforms in place.
Your employees aren’t to blame for phishing and ransomware. Attackers are. It’s time to implement AI-scaled defenses, not only to protect your mission-critical systems, but also to protect your most valuable resource: your people.
UpSight is the only purpose-built anti-ransomware engine powered by AI to predict, interdict and permanently evict threats in seconds.
Automatically remediate attack damage and enhance your security posture against subsequent threats with next-gen resiliency.
PREDICT
Natural Language Processing (NLP) AI parses threat behaviors like a language, with known syntax, allowing UpSight to predict an attacker’s next move like the next word in a sentence.
INTERDICT
Ransomware, phishing and credential-theft attacks are identified, isolated and proactively neutralized, halting the executable before it does damage to your sensitive business systems.
EVICT
UpSight permanently evicts AI-assisted attackers from your system, reversing all backdoor access points to prevent future attacks, rolling back damage in seconds, not hours or days.
BEHAVIORAL AI THREAT DETECTION
UpSight identifies and halts threats based on behavior, not definitions. So a password stealer is a password stealer, no matter what.
The result? Much, much faster detection times. Evict threats in seconds, not minutes, hours or even days like conventional AV or EDR.
That means UpSight’s detection sweet spot occurs before the attacker compromises your system, not after. Before credentials are stolen. Before payloads are detonated. Before damage is done. That’s the power of AI.
UPSIGHT STOPS PASSWORD STEALERS:
-
55% of successful password-theft attacks in 2023 used a Redline infection. This incredibly prevalent bit of malware kit is freely traded on the dark web and requires little technical competence to employ with devastating effects.
While conventional AV/EDR are often bypassed by Redline, UpSight stops it cold.
-
Raccoon stealer, a deceptively simple executable created by “malware-as-a-service” threat actors, does one thing and does it well: uses email attachments to pilfer user credentials. It’s a popular weapon among criminals in the banking and crypto spaces.
Because Raccoon itself omits advanced concealment features, different attackers hide it in different ways to evade antivirus.
But UpSight isn’t fooled. Our AI engine recognizes and halts the act of credential theft itself, before it happens.
Orange employee infected, resulting in BGP disruptions
Group operators announced a comeback despite the arrest of one of their team members
-
Lummastealer, a sophisticated credential theft tool that’s popular in social engineering attacks on the hospitality industry, uses a variety of junk instructions and extra-large executables to hinder detection.
When paired with convincing emails and chats from seemingly trusted actors, Lummastealer attacks successfully compromised MGM Resorts and Caesars, disrupting services from Las Vegas to Macau and costing the companies millions.
The outcome would likely have been very different had those organizations used UpSight in addition to conventional security. UpSight’s behavioral AI engine uses “attackword” behaviors as linguistic predictors, allowing it to respond to and evict threats much faster. Because techniques like these evade AV and sandbox detection, most security measures will be fooled. But not UpSight, since we protect the human user directly by recognizing and blocking threat behaviors.
-
Agent Tesla, a well-known and devious .NET-based trojan that captures keystrokes, screenshots and login credentials, is behind a number of attacks on U.S. education and government entities.
Tesla exploits common vulnerabilities in widely used software like MS Office to deliver payloads carrying malicious Visual Basic for Applications (VBA) macros that commandeer user credentials. It’s often paired with convincing AI-augmented emails that replicate the look and tone of trusted voices within the organization.
But here at UpSight, we don’t believe in burdening human employees with the task of defending against malware threats. UpSight’s AI engine identifies the threat posture baked into the credential threat mechanism and halts it before it executes, so no matter how convincing a phishing message is, your employees remain safe.
-
Called a “top critical infrastructure threat” by BlackBerry’s Global Threat Intelligence in 2023, RustyStealer has a VirusTotal detection rate of just 22%. In other words, it’s going to slip by your conventional security solution more than three-quarters of the time, using exposed ports to exfiltrate your employees’ login credentials.
Rusty’s source code is freely available in the shadier corners of the internet, and using it as part of a ransomware scheme requires little in the way of technical or financial resources.
Fear not! Though Rusty evades AV, UpSight’s internal UpScan detonation lab tests show that we catch it each time, every time.
UPSIGHT BLOCKS RANSOMWARE PAYLOADS:
-
Lockbit is the gold standard of ransomware. It automatically identifies valuable targets, propagates itself and encrypts all accessible systems on your network.
Stolen data is then leveraged for ransom, with many attackers threatening to leak vast swathes of sensitive information — as in the recent compromise of the D.C. Department of Insurance, Securities and Banking (DISB).
To date, the Lockbit group has successfully targeted over 2,000 victim organizations and collected more than $120 million in ransom payments.
UpSight's AI defense recognizes and terminates suspicious behavior, regardless of where in the attack chain it occurs. UpSight halts credential theft and hostile VPN behavior, as well as stopping lateral movement within the network and payload detonation.
-
BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022.
By exploiting compromised Remote Desktop Protocol (RDP) credentials, often obtained through phishing attacks (or simply purchasing them from dark web brokers), BianLian group attacks disable Windows Defender, move laterally on the network and encrypt sensitive data before extorting payment.
But all of the sneaky techniques amount to nothing in the face of UpSight AI behavior modeling. Because we predict attack behaviors, BianLian and similar threats are unable to detonate encryption and exfiltration payloads, as well as unable to gain credential access undetected in the first place.
-
BlackBasta, a Russian-speaking malware group, profits on both sides of the malware game -- they encrypt data and demand ransom, while also exfiltrating and selling sensitive data on their in-house cybercrime marketplace should the victim fail to pay. To date, the BlackBasta enterprise has raked in $107 million in ransom payments via Bitcoin.
Like other payloads in this list, BlackBasta gains credential access through phishing or initial access brokers, then locks files throughout the victim network, appending the file extension ".basta" (newer versions) or ".ransom" (older ones). BlackBasta leverages tools like the QakBot stealer, Mimikatz and Windows Management Instrumentation (WMI) for exploitation or credential theft.
Here at UpSight, we're in the compromise prevention business, so while having a damage mitigation plan in place is essential, we want your company to never have to use it. UpSight's unique AI behavior detection recognizes suspicious activity, no matter what. So UpSight will block initial access and credential theft, and also halt payload detonations from threats like BlackBasta before they happen.
-
For the healthcare industry, there's no ransomware org more feared than Blackcat. Like many other ransomware payloads, Blackcat’s style is to purchase credentials on the dark web, lock and steal confidential patient or payment information using the AES algorithm, and then demand ransom and/or sell the data to other cybercriminals.
But there's no honor among thieves, as the initial access broker who sold Blackcat access to Change Healthcare's network claimed publicly to have been bilked out of their share of Change's staggering $22 million ransom payment.
Blackcat attacks have been successful against both Windows and Linux devices, and have compromised more than 200 enterprise-level healthcare organizations to date.
UpSight stops this disturbing and destructive crime dead in its tracks.
-
The granddaddy of ransomware empires, Conti was a Russian-speaking cybercrime group that at its peak extorted more than $180 million from 900 victim companies worldwide.
But for Conti, their ambitions to move beyond massively profitable ransomware to their own crypto exchange, a social network and even an online casino may have been their undoing.
But law enforcement has become more adept at tracking ransom payments on the blockchain, and following several high-profile arrests, Conti appears to have splintered into several groups, likely including Blackcat and BlackBasta (above).
Multimillion dollar cybercrime syndicates are growing and metastasizing as the technological, financial and linguistic barriers drop — thanks in no small part to generative AI making convincing phishing emails and malware engineering simpler every day. But UpSight tips this arms race in your favor by leveraging artificial intelligence to recognize the behavioral hallmarks of malware attacks rather than the executables themselves. It’s time to stop groups like Conti by fighting AI ransomware with AI countermeasures.
By parsing threat behaviors like a language, UpSight predicts attacks before they happen.
Our AI engine identifies novel threat syntax (“attackwords”) and evicts ransomware proactively and instantaneously, a quantum leap ahead of conventional EDR.
UpSight is proactive ransomware defense.
-
UpSight is a cloud-managed thin client for your Windows™ endpoint devices. It observes the billions of low-level events that occur every day, efficiently filters them down to the tiny subset that represent words in the attack lexicon, and places those words in the UpSight Attack Graph. The UpSight client is autonomous and predicts, interdicts and evicts attackers in real time.
-
The UpSight Attack Graph is a “sentence graph” of attacker techniques. By treating known threat behaviors as a language, we can use the predictive ability of natural language machine learning models to make predictions about what move actors will make next. This enables UpSight to identify, neutralize and evict threats much faster than competing solutions.
The graph is also the core of UpSight’s eviction capability. The attack sentence can be walked backwards to its root word; backdoors, persistence and malicious artifacts are disabled and automatically quarantined.
-
Our Predict, Interdict and Evict strategy provides an AI-scaled defense against ransomware which acts as a fast immune response where the attack is taking place, on the endpoint.
Our AI-based approach is not confined by signature detections, hash collections or the latency of cloud detections like traditional antimalware or endpoint defense suites. UpSight’s thin client is based upon the natural language of attacker behavior and is able to distinguish the behavioral sentiment of IT doing routine software maintenance or deployments from that of attackers seeking to steal authentication credentials, deploy ransomware or extort data.
Our AI model is lightweight and runs directly on the endpoint.
UpSight does not require large amounts of storage, frequent updates or large amounts of processing power. Nor does UpSight need to send large amounts of data to a cloud service to operate. In fact, UpSight can operate offline and autonomously from the UpSight Cloud.
-
Generative AI provides a scaling advantage to its user for creating new and unique content from existing examples. The specifics of the techniques are not likely to change, but the scope, scale and uniqueness are.
Attackers are using generative AI to automate antimalware evasion and overwhelm EDR defenses with unique malware and attack campaigns.
Generative AI makes phishing attacks more fluent, plausible and convincing. Messages impersonating trusted contacts can be in the correct voice, in context and interactive at low cost to the attacker. Gone are the days of badly translated phishing emails asking you to take actions that seem strange. Instead, the future of phishing is a generative AI powered message over Teams or Slack from your boss following up from a meeting you had the previous week directing you to take some action that compromises the organization.
The traditional solution of relying on costly employee training simply will not work in the face of these sophisticated new tactics. You need an AI-scaled solution to counter AI-augmented ransomware threats.
-
UpSight adds a new fast-immune-response layer in your security stack which boosts dedicated resilience against ransomware attacks alongside legacy AV and EDR solutions.
UpSight dramatically and cost-effectively improves your resiliency over legacy antivirus alone by complementing your EDR sensor. Endpoint detection is best at identifying “big picture” threats at the scope and scale of your network, but can struggle with halting early attempts without overwhelming your SOC team with alerts. UpSight acts as a force multiplier for your SOC when deployed alongside EDR.
-
UpSight's language-based approach to attack detection means we have very detailed knowledge of what actions an attacker took prior to detection, and can use that framework to efficiently evict them. UpSight is able to walk back the attack sentence, removing attacker artifacts such as scheduled tasks, services, command and control processes and malware.
UpSight does not use snapshots or other backup technologies to accomplish this. UpSight is only able to remediate reversible actions and is not a substitute for a backup. However, eviction is an effective response against threats and removes them from an impacted machine without further disruption.
If UpSight is not able to undo a particular action such as exposed credentials as part of eviction, your security team will be acting from a position of impactful knowledge and can take directed remediation steps such as resetting account credentials.
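As an added illustration (not UpSight's code or attack lexicon), here is a toy model of the two ideas described in the Attack Graph and eviction answers above: predicting the next attacker "word" from a bigram model over known attack sentences, and walking a detected event back to its root word to separate artifacts that can be disabled or quarantined (processes, files, scheduled tasks) from ones that cannot (exposed credentials), which are handed to the security team. The behaviour words, artifact ids and the incident chain are all constructed.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed corpus of known "attack sentences": the ordered behaviour words
# of past intrusions. Hypothetical vocabulary, not UpSight's attack lexicon.
KNOWN_SENTENCES = [
    ["office_spawns_script", "script_downloads_exe", "sched_task_created", "lsass_read"],
    ["office_spawns_script", "script_downloads_exe", "service_installed", "files_encrypted"],
    ["rdp_login_new_host", "defender_disabled", "service_installed", "files_encrypted"],
]

def bigram_model(sentences):
    """Count word -> next-word transitions, like a tiny language model."""
    model = defaultdict(Counter)
    for s in sentences:
        for cur, nxt in zip(s, s[1:]):
            model[cur][nxt] += 1
    return model

def predict_next(model, word):
    """Most likely next attacker move after `word`, or None if never seen."""
    followers = model.get(word)
    return followers.most_common(1)[0][0] if followers else None

@dataclass
class Event:
    word: str                         # behaviour word observed on the endpoint
    artifact: str                     # what it left behind (constructed ids)
    reversible: bool                  # can eviction disable/quarantine it?
    parent: "Event | None" = None     # the event that caused this one

def walk_back(event):
    """Follow parent links from the detected event back to the root word."""
    chain = []
    while event is not None:
        chain.append(event)
        event = event.parent
    return chain  # detected event first, root last

def evict(event):
    """Undo every reversible artifact on the chain; flag the rest for the SOC."""
    undone, needs_human = [], []
    for e in walk_back(event):
        (undone if e.reversible else needs_human).append(e.artifact)
    return undone, needs_human
# Constructed incident: macro -> downloader -> persistence -> credential read.
ROOT = Event("office_spawns_script", "proc:wscript.exe[pid 4120]", True)
DOWNLOAD = Event("script_downloads_exe", "file:C:\\Users\\Public\\upd.exe", True, ROOT)
TASK = Event("sched_task_created", "task:\\Microsoft\\Updater", True, DOWNLOAD)
DUMP = Event("lsass_read", "credentials:exposed", False, TASK)
```

Running `evict(DUMP)` returns the three reversible artifacts to quarantine and leaves `credentials:exposed` in the list for the security team, matching the credential-reset caveat above.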
-
UpSight's architecture is best in class, emerging from decades of experience within the founding team building legacy antivirus and EDR. Our technology was purpose-built to have the greatest security efficacy with the least impact.
UpSight is a new approach and is not based on legacy static signatures, process- or file-scanning technologies; unlike EDR sensors it does not need to upload large amounts of event data on an ongoing basis. UpSight's internal architecture is similar to an EDR sensor in some respects, but unlike many EDR sensors UpSight is engineered only using supported APIs from Microsoft.
UpSight has a smaller CPU, disk, memory and network footprint than most EDR sensors and all legacy antivirus scanners.
-
No! UpSight is here to help your SOC perform at AI scale, not to generate extra alerts or create more busywork. UpSight automates detection of and response to advanced ransomware threats in real time.
UpSight defends seamlessly alongside your existing security platforms to manage true positive alerts with detailed information about how the threat was detected and the attacker evicted.
AI-augmented ransomware is here.
“That Russian native hacker who doesn’t speak English well is no longer going to craft a crappy email to your employees. It’s going to be native language English, it’s gonna make sense, it’s gonna pass kind of the sniff test of whatever topic it’s trying to convey.”
Rob Joyce | Director NSA Cybersecurity
Collaborating is great for business — but scammers love collaboration tools.
Penetration testing on businesses by CISA’s Assessment team revealed that 80% of orgs can be successfully phished. 84% of employees took the bait within the first 10 minutes of the attack.
And the most promising entry point for attackers? Collaboration tools like Slack, Zoom, Teams and Office.
UpSight provides a robust layer of AI security to the attack surfaces social engineers use to prey upon your employees.
Source: CISA.gov