CSI: ACE Insight

A CyberSecurity Intelligence (CSI) service


E.g.: 10.1.16.32,
http://www.domain.com,
http://www.domain.com/sub/sub/sub.html,
http://www.pathtofile.com/file.exe
CSI ACE Insight is a tool for assessing the current state and risk level of a web link or IP address.
CSI ACE Insight performs real-time content analysis, and then displays a report of its findings.

Files are analyzed in the Forcepoint ThreatScope™ tool, a sandbox that identifies threats and, if applicable, provides forensic details on a file's infection and post-infection behavior. File submission methods and sandboxing results vary according to user access level:

  • All Levels: The ThreatScope tool is activated whenever a link submitted to CSI ACE Insight initiates a file download.
  • Level 1 & 2: Only web-based files can be submitted to the ThreatScope tool, under the "Enter a URL/IP Address" tab. A CSI ACE Insight report is generated after analysis, indicating the severity level of any threat detected.
  • Level 3: Local files and web-based files can be submitted to the ThreatScope tool, under the "Upload a File" tab or "Enter a URL/IP Address" tab, respectively. A complete ACE Insight Report is generated after analysis, indicating the severity level of any threat detected, as well as describing any activities found in processes, the registry, and other areas of the computer.

Threat Report

2016 Threat Report

Learn from the only cyber threat report backed by Forcepoint Security Labs™ intelligence operatives.

Latest from Security Labs Blog

Range Technique Permits Ursnif To Jump Onto Your Machine

January 8, 2016

On January 5th Raytheon|Websense® researchers noticed an interesting e-mail sample from a recent and ongoing e-mail campaign which contained a malicious document attachment and downloaded malware in a unique way. The Microsoft Office Word document downloaded the malicious payload from a JPG file but, where a normal browsing user would see an image of a kangaroo, the malicious document saw a different file - the Ursnif credential stealer.

HTTPS Bicycle Attack - Obtaining Passwords From TLS Encrypted Browser Requests

January 5, 2016

A paper detailing a new attack vector on TLS was released on December 30. The attack, known as the HTTPS Bicycle Attack, is able to determine the length of specific parts of the plain-text data underneath captured TLS packets using a side-channel attack with already known information. The attack has a few prerequisites but could be applied in a real-world scenario, and is completely undetectable due to its passive nature.

An Early Christmas Present Exploits CVE-2015-8446 And Drops CryptoWall 4.0

December 22, 2015

Today, we came across a website providing free Christmas graphics along with an early but unwanted Christmas present. The website christmas-graphics-plus[.]com is injected with malicious code that leads users on a virtual sleigh ride to Angler Exploit Kit (EK) and drops the new CryptoWall 4.0 ransomware. If you were to visit this grotto, then all of your documents would be encrypted and held to ransom - including your Christmas card address book. The real Nightmare Before Christmas.