Kaspersky GReAT shares expertise on threat hunting with YARA in new online training course
September 2020 by Marc Jacob
Kaspersky is unveiling a new online self-study course, entitled ‘Hunt APTs with YARA like a GReAT Ninja.’ Armed with this training, any IT security professional interested in the topic can learn from the Kaspersky Global Research & Analysis Team’s best practices on threat hunting with YARA. In addition to the practical insights from the company’s world-renowned cybersecurity experts, participants will receive access to a special virtual lab, where they can practice their new skills, analysing samples and testing YARA rules.
YARA is a unique tool that, among other things, makes it easier to identify and classify new malware samples. With its help, security analysts can create certain patterns, or ‘rules’, and search for files that match them using security solutions or multi-scanner systems. With a few know-how guides and some effort, a researcher or a security team can achieve a new level of knowledge in threat detection, mitigation and response.
Continuous education is essential to keep IT security teams ready and effective – 35% of IT decision makers from enterprises cited improving their security specialists’ level of expertise as the main reason to increase their IT security budget. However, the pandemic has put restrictions on real-world, in-class learning activities. In order to respond to this challenge and make the course more available for individual learners, Kaspersky moved its training on YARA to an online format.
The video course is authored by the Kaspersky Global Research & Analysis Team (GReAT), an internationally recognised cybersecurity group of malware researchers and threat hunters. It provides first-hand recommendations on how to search for APT-related malware samples, as well as both new and zero-day exploits that the Kaspersky GReAT team has learned about following decades of threat research.
To reinforce what participants have learned, the training also includes quizzes and the ability to practice in an exclusive virtual lab. Participants are offered over 20 practical exercises to test their YARA rules against real-life APT cases that Kaspersky’s team has encountered during its work.
Kaspersky has granted free, early access to the course for individuals from a wide variety of non-profit and non-governmental organisations. This includes groups that focus on gender-based violence, human and digital rights, cybersecurity research, cyber policy and diplomacy, and supporting active and veteran armed forces personnel transitioning to roles in the IT security industry. Organisations with representatives participating in the training include Blueprint for Free Speech, Circle of Women in Cybersecurity (CEFCYS), Cyber Peace Foundation (CPF), DiploFoundation, Federal Association of Women’s Counselling and Rape Crisis Centres (bff), GEODE, Institute for Strategic Research (IRSEM) and Sciences Po, and VetSec, Inc. Feedback from these organisations will help Kaspersky improve the training, and the knowledge gained by the participants will enhance both their ability to protect organisations from attacks and their threat hunting skills.
"The training will definitely add value to Cyber Peace Foundation’s skills in terms of learning new technologies like YARA rules for malware investigation and the latest APT threat hunting techniques, in order to help our research team to dive deeper into the investigation and analysis of malware, exploits and zero days which can significantly impact the eKawach project," comments Vineet Kumar, President of Cyber Peace Foundation.
“The main purpose of the CEFCYS is to promote and increase women’s leadership in cybersecurity jobs thanks to tangible actions, such as the development of mentoring, education and training programs. In this context, the YARA training program offered by Kaspersky to some of our members is a great opportunity and perfectly fits CEFCYS’s purpose. The technical and practical aspects of this course are an interesting challenge that breaks preconceived ideas about the fact that cybersecurity technical issues should only be men’s business. This online course will make it possible for CEFCYS members to increase their practical skills about data analysis and monitoring so they identify the chronology and the sources of threats and attacks. This program will probably help to excite the curiosity of other women, and to attract them so they discover other similar training courses oriented toward the technical aspects of cybersecurity,” comments Nacira Salvan, Founder and President of the CEFCYS.
‘Hunt APTs with YARA like a GReAT Ninja’ is the first training course in Kaspersky’s portfolio of education programs for security professionals which will be made available online.