"Behind every cyber attack is a human being with a malicious intent, trying to steal or manipulate data via the internet or a localised system. Therefore, such circumstances require the intelligence of an equally competent human being to comprehend infringements and fight back,” begins Marco Ramilli, founder and CEO, Yoroi. Realising the importance of unifying cybersecurity and threat intelligence within a single analysis portfolio, Ramilli established Yoroi three years ago. Based on the philosophy that ‘Defence Belongs to Humans,’ the company initially focused on the development of its Cyber Security Defence Center (CSDC), requesting few customers to act as beta-testers for the solution. Since then, Yoroi has been empowering cybersecurity analysts with a synthesis of incident response and deep malware analysis capabilities, living by its commitment of assisting Italian and Multinational companies, along with reputed European Banks, in combating cybersecurity attacks and achieving customer satisfaction.
Ramilli sheds light on the evolution of cyber threats and their complexities by referring to the World Economic Forum’s assessment of the cybersecurity landscape, all the while emphasising the hurdles organisations face when diagnosing and preventing attacks. Though most organisations employ automated systems such as antivirus, firewalls, IDS, behavioural network systems, and similar measures, they still fall prey to persistently maturing malware.
In light of this predicament, the Yoroi CSDC offers a proprietary technology built for continuous and consistent threat analysis in order to better identify and block cyber attacks. “Our shared threat intelligence ensures that the entire security infrastructure of clients is always up-to-date. Yoroi’s cybersecurity analysts effectively mitigate such infringements leveraging our artificial intelligence (AI)-driven models,” states Ramilli.
The Yoroi CSDC creates a suitable environment for analysts to monitor the security vulnerabilities of its clients. Built on a threat intelligence core, CSDC constantly harvests information from various trusted sources on the clearnet and darknet, and from selected Computer Security Incident Response Teams (CSIRTs). Consequently, clients are able to access real-time statistics, and thereby identify threats, fraudulent elements, and malware targeting their systems. The DNS module of CSDC blocks malicious requests, while a virtual probe, referred to as Genku, obtains information pertaining to the network state. Additionally, Yoroi has designed a specific engine, a multilevel sandbox, for email monitoring that checks for scams, fraud and malicious attachments. It assesses every email attachment and downloaded file in order to discover hidden malware, while a separate vulnerability engine spots unpatched software that is in place.
Substantiating some of these merits, Ramilli recalls an instance wherein Yoroi spotted the MartyMcFly threat against the Italian naval industry by intercepting and dissecting an email that was suspected to be malicious due to the inconsistent domain data of the sender inside the SMTP headers. According to an analysis by Kaspersky, these emails had been spread across multiple countries. An Excel file inside the email had been designed to trick the recipient into downloading a remote-access Trojan, named MartyMcFly, in order to steal data from organisations’ systems. Yoroi successfully outlined the Indicators of Compromise (IoC) inside the email and utilised them to protect all of their clients in the same sector.
In an effort to serve its clients better, Yoroi is currently working on two new technologies to enhance its technological portfolio and customer defence infrastructure. First, the company is developing an improved endpoint defender, which will be connected to both Yoroi Threat Intelligence and Yoroi cybersecurity analysts. This will assist clients in detecting potential threats by connecting the defender directly to Yoroi’s cybersecurity analyst dashboard. In addition, Yoroi is designing a cybersecurity ICS Probe to defend industrial control systems. “We look forward to driving security countermeasures to the next level in the cyberspace with the aid of our ICS Probe and endpoint defender,” concludes Ramilli.