Introduction

As 2024 comes to a close, we’ve already rolled out four impactful releases, each packed with new features and enhancements across our VMRay Platform products. Now, we’re excited to share a bonus 5th release, focusing primarily on improving the Platform’s overall maintenance and stability. While this release may not be feature-heavy, it’s a crucial step in ensuring the performance and reliability you’ve come to rely on.

VMRay Platform Now Running on Ubuntu 22.04 LTS

We’re happy to announce that the VMRay Platform has been upgraded to Ubuntu 22.04 LTS. This migration is part of our ongoing commitment to keeping our Platform secure, stable, and compliant with industry standards.

What’s Changing?

The move to Ubuntu 22.04 is a routine maintenance update that affects all components of the Platform. There are no major changes to functionality—just a solid upgrade to ensure our systems continue to run on an actively supported and secure operating system.

Ubuntu 20.04, which our Platform previously ran on, will reach its end-of-support on April 22, 2025. To stay ahead of this deadline, we’ve moved to the newer version of Ubuntu, which will ensure that both VMRay and our customers are using a host system with long-term support. This keeps our infrastructure up to date with security patches and compliance requirements.

Detection Highlights of 2024 – A Year in Review

At VMRay, we continuously evolve to stay ahead of the ever-changing threat landscape. If you’re a regular follower of our detection updates, you’re no stranger to our commitment to delivering robust detection solutions. Here’s a snapshot of the key detection updates that have helped keep our customers ahead of emerging cyber threats.

The threat landscape never stands still, and neither do we. Our detection engineers and researchers work around the clock, delivering weekly updates that ensure our customers are protected from the latest tactics, techniques, and procedures (TTPs) employed by threat actors. Whether it’s new malware variants, more deceptive phishing attacks, or newly emerging attack vectors, VMRay has made 2024 a year of significant progress and readiness.

400+ Detection Updates Across 8 Categories

Throughout 2024, VMRay delivered over 400 updates focused on enhancing our malware and phishing detection across multiple categories. Here’s a recap of the categories that received the most frequent updates:

• VMRay Threat Identifiers (VTIs) – enhancing detection capabilities through precise behavioral insights.
• YARA rules – expanded YARA rulesets aimed at identifying both new and existing malware variants with greater accuracy.
• Malware configuration extractors – we offer configuration extractors for over 35 distinct malware families, boosting detection and response by providing deep insights into threat payloads.
• Machine learning-based detection – leveraging AI to detect phishing attempts more efficiently by learning patterns from vast datasets.
• URL heuristics & Smart Link Detonation – strengthening URL analysis to spot malicious links with smarter detonation triggers, capable of uncovering hidden threats in increasingly obfuscated phishing attempts.

Advanced Delivery Chains in Phishing Addressed in 2024

In 2024, VMRay made significant steps forward in enhancing our phishing detection capabilities by addressing complex attack vectors through our Advanced Delivery Chains initiative. While URLs are often the starting point for User-Reported Phishing (URP) analysis, we are well aware that phishing attacks are constantly evolving. Attackers are increasingly using layered techniques, starting with PDFs, ISO files, or other attachments that lead to a chain of malicious actions. Our goal this year was to better support these multi-stage attacks and strengthen our ability to detect and neutralize them.

Here’s a quick summary of the initiative’s key (and not all!) achievements:

1. Dynamic Analysis of ISO and UDF Files
   Introduced full static and dynamic analysis support for ISO and UDF disk images. This enhancement allowed the VMRay Platform to detect threats distributed via these file formats, which became increasingly popular in mid/late-2023.
2. Handling Big Samples
   Expanded the Platform’s file upload limit, enabling the analysis of large malware samples (several hundred MBs). This ensures accurate detection of larger, more complex malicious payloads.
3. QR Code Analysis
   Introduced QR code extraction improving detection of phishing attacks that embed malicious links in QR codes to evade traditional detection methods.
4. Extract QR codes from PDFs
   Added functionality to extract URLs embedded in QR codes within PDFs and automatically submit them for web analysis.
5. URL extraction from OneNote Documents
   Improved OneNote document analysis by enabling the parsing and extraction of visible URLs, allowing for better detection of phishing and malicious URLs embedded within OneNote files.
6. Detecting LNK-triggered Scripts in Compound Samples
   Enhanced detection capabilities for compound samples containing LNK files, specifically targeting LNK-triggered Windows scripts. Particularly effective against malware such as Qbot, which used this attack method.

Integrated SentinelOne EDR Connector

One of the key highlights of 2024 was the introduction of our Integrated SentinelOne EDR Connector, which debuted in the VMRay Platform 2024.3.0 release.

A Seamless Integration

This feature significantly simplifies the process of integrating with SentinelOne through the VMRay Platform. With just a few clicks in the VMRay Platform’s settings page, you can configure automatic detection and submission of incidents from SentinelOne to VMRay. Once set up, the incidents are automatically enriched with detailed insights, including Threat Classifications, Indicators of Compromise (IOCs), VMRay Threat Identifiers (VTIs), and more.

Positive Customer Feedback

Our customers have embraced this feature enthusiastically. Its ease of setup and straightforward configuration have made it a popular choice, driving widespread adoption. The seamless integration and enrichment of incident data have become valuable for those seeking to enhance their security operations.

If you haven’t yet explored the SentinelOne EDR Connector, now is a great time to see how it can streamline your incident response by adding critical threat intelligence from VMRay.

Final Thoughts

Looking ahead, we’re planning to enhance our GeofenceVPN feature for Cloud users, enabling the default gateways to support residential IP addresses. In 2025, we’ll return to our regular four-release schedule, bringing exciting new features to the table. Stay tuned as we embark on another year of innovation and growth.

We’ll be back with more updates and developments next year—until then, stay secure!