Article Details

CISA makes its "Malware Next-Gen" analysis system publicly available. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA. Malware Next-Gen is a malware analysis platform that examines malware samples for suspicious artifacts. It was originally designed to allow U.S. federal, state, local, tribal, and territorial government agencies to submit suspicious files and receive automated malware analysis through static and dynamic analysis tools. Yesterday, CISA released a new version of the system that allows any organization or person to submit files to the system. "The Cybersecurity and Infrastructure Security Agency (CISA) announces today a new release of our malware analysis system, called Malware Next-Gen, which allows any organization to submit malware samples and other suspicious artifacts for analysis," reads the announcement. "Malware Next-Gen allows CISA to more effectively support our partners by automating analysis of newly identified malware and enhancing the cyber defense efforts." Malware Next-Gen is designed to handle the growing workload of cyber-threat analysis by offering advanced and reliable analysis on a scalable platform featuring multilevel containment capabilities for automatic analysis of potentially malicious files or URLs. CISA's Executive Assistant Director for Cybersecurity, Eric Goldstein, sees this new platform as a contributor to the national cybersecurity and critical infrastructure bolstering efforts. Goldstein hopes that Malware Next-Gen will streamline processes that allow the agency to hunt for new threats and analyze, correlate, and enrich data that's valuable in cyber-threat response operations. Availability Malware Next-Gen was made available to a limited number of government organizations since November 2023, leading to the identification of 200 suspicious or malicious files and URLs from 1,600 submissions. CISA encourages all organizations, security researchers, and individuals to register and submit suspicious files to the platform for analysis, which requires registration with a login.gov account. Submitted files are analyzed in a secure environment employing a combination of static and dynamic analysis tools, and the results are provided in PDF and STIX 2.1 formats. For those who wish to remain anonymous, there's also an option to submit malware samples through this portal for unregistered users, though analysis results won't be made available to them. However, only CISA analysts and other vetted people will have access to the malware analysis reports generated by the system. Therefore, if you wish to receive an immediate analysis of a suspicious file, VirusTotal remains an excellent option. Finally, CISA warns users to refrain from attempting to misuse the system, waive any privacy expectations, and ensure that the information they submit on the platform does not contain classified data.