Group-IB rolls out a series of enhancements to its Unified Risk Platform

Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, is pleased to announce a series of upgrades to its flagship Unified Risk Platform (URP). The security suite, engineered to tackle advanced cyber threats, fraud, scams, and online infringements, has been revamped to improve threat detection efficacy, enhance intelligence gathering, and fortify AI capabilities across its modules. Group-IB’s Unified Risk Platform, which was unveiled in June 2022, is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface, providing complete coverage of the cyber response chain.

Revolutionizing Fraud Protection

URP’s module responsible for Fraud Protection has been upgraded with a whole new Fraud Matrix framework. Based on the MITRE ATT&CK® model, Group-IB’s Fraud Matrix allows users to deconstruct and catalog fraud schemes, regardless of their complexity and number of stages, to better understand TTPs leveraged by fraudsters. Precise fraud categorization is achieved through the enrichment of Fraud Intelligence — another brand-new feature introduced this year. Group-IB’s fraud intel team collects and analyzes insights that allow the identification and sharing of interbank fraudulent activities and turn knowledge about schemes into actionable anti-fraud strategies for each company. The AI-powered enhancements have been introduced to improve behavioral fraud detection capabilities.

Additionally, Group-IB’s Fraud Protection customers can now access a 100% no-code fraud detection Rule Builder. This recent enhancement allows customers to effortlessly build and test custom fraud detection rules using historical data from millions of sessions. This feature reduces false positives and increases the accuracy of anomaly detection to prevent fraud more effectively.

Group-IB also successfully launched its Cyber Fraud Intelligence Platform, built upon its proprietary Fraud Protection Platform. It is a first-of-its-kind solution that monitors diverse data sets such as device fingerprints, IP addresses, malware signatures, and fraudster profiles. It facilitates the aggregation of such anonymized data to generate insights on fraud threats and patterns, simplify fraud detection, and disrupt the laundering of fraud proceeds.

AI vs Scams

Group-IB’s Digital Risk Protection, a URP module dedicated to fighting scams and brand violations, has been empowered with AI algorithms, trained with over a decade’s worth of collected data, to improve the detection efficiency of phishing and scam websites that impersonate legitimate companies. An enhanced AI-infused engine helps in the automated creation of signatures to speed up the detection of typosquatting and illicit use of brand logos. The implementation of the large-scale computer vision system has improved the detection rate of unauthorized brand logo usage by 40%, while at the same time achieving a three-fold decrease in the neural network’s training time. To streamline the takedown process, Group-IB released its Smart Abuse Tool — the first-ever managed takedown assistant that enables Group-IB’s customers and managed security service provider (MSSP) partners to eliminate IP violations seamlessly and independently.

The AI assistant is designed to draft abuse reports, identify appropriate registrars, and send takedown requests. The issue of transparency of the process has also been resolved – now each stage of the takedown can be easily tracked in the history of events in order to find out all the details of interaction with the regulator and the predicted time frame for eliminating violations.

AI-driven takedown tips help in selecting the most effective communication channels and methods of interaction with regulators. They also address subtle yet impactful aspects, such as determining the most suitable time and day of the week for sending a takedown request, as well as optimizing the tone of the text. The scam intelligence section has also been updated to include the scam news and reports feed.

Augmented Threat Intelligence

Group-IB’s Threat Intelligence, the lifeblood of the Unified Risk Platform, has been supercharged to improve the efficiency of the company’s patented Graph Network Analysis tool. Group-IB has further expanded its intelligence-gathering network by implementing real-time cybersecurity news monitoring and IOC filtering and extraction capabilities. The platform now offers extended coverage of scanning hosts, VPN hosts, DDoS, and augmented phishing attacks. Threat Intelligence customers can prioritize threat hunting efforts with a newly added real-time dashboard showcasing trending threats, vulnerabilities, the activity of threat actors, and malware strains that can be customized and filtered.

A new tagging system has been implemented for all underground messages. Each message is now labeled with identifiers linked to specific types of malicious activity such as phishing, ransomware, and DDoS. This feature allows Group-IB’s customers to quickly grasp the message’s context and apply smart filtering using these tags, making it easier to locate the most relevant content for their research.

To keep its customers ahead in the fight against cybercrime, Group-IB’s Threat Intelligence now provides early access to notifications generated by Group-IB’s internal hunting rules, designed by Group-IB’s CTI analysts during their research on threat actors, to closely monitor the adversaries’ infrastructure.

MXDR Services

URP has extended MXDR (Managed Extended Detection & Response) functionality to Linux and macOS systems, as well as remediation functionality for Windows EDR. A graph-based representation of alerts has been made available for all alert types, including email, network, EDR, and sandbox, to provide a comprehensive view of potential threats and facilitate incident management. Customers can now obtain live access to virtual machines within the Malware Detonation Platform through an intuitive web interface. Group-IB’s malware detonation has undergone a series of AI-driven optimizations to enhance the detection of “malware-free” attacks. The latest update includes the implementation of a status model and improved mechanics for assigning alerts to analysts, thereby enhancing MXDR functionality and analysis capabilities.

Attack Surface Management becomes more seamless

Group-IB has extended Attack Surface Management’s capabilities to cover typosquatting detection. Now, in the asset section, customers can investigate all typosquatted domains under their care along with all relevant details. In addition, Group-IB’s two-way REST API has received significant updates, allowing it to accept inputs for updating issue statuses. Group-IB has also enhanced URL sharing with applied filters, making collaboration on security fixes more seamless. Another new feature is the introduction of Group-IB’s live Telegram bot for notification alerts and remediation guidance, where hand-written recommendations from the Group-IB team will explain issues and guide the user toward possible solutions. Lastly, Group-IB has introduced new asset and issue algorithms to make severity determination a lot easier.

“The widespread adoption of artificial intelligence is a pivotal moment for the cybersecurity industry. AI is not going to magically solve all of the industry’s problems. But there is no doubt it will transform the landscape of cyber defense systems. The key lies in leveraging AI to innovate and complement human expertise, not replace it. Success will be determined by how effectively companies navigate this path. We remain committed to fighting cybercrime while empowering our customers and partners with the best in class defense in line with the nature of ever-evolving cyber threats.”

Dmitry Volkov

Co-founder and CEO of Group-IB

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, the most complete Fraud Protection, AI-powered Digital Risk Protection, multi-layered protection with Managed Extended Detection and Response (XDR), all-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.