Region 10 Website.

Tools you can use
in your everyday cyber-hygiene

Suspicious File?

A couple of options when handling suspected malware.

There are many times that you come across a file that has suspicious characteristics, but your Next Gen AV has been mum?

Submit It!

You can submit the file (or URL for that matter) to Virus Total and you will get a good picture of what the AV engines think of that file. Virus Total is a free virus, malware and URL online scanning service.

Detonate it!

There could be a threat that has barely registered on the above AV's radar. Newer exploits and zero days will sometimes not quite register with the AV engines so you will only see two or three who mark the package as suspicious. A good way of finding out if the file or link in question is malicious is to detonate it. Here are a couple of sites where you can see the file in action from the safety of your virtual bunker.

• My personal favorite (especially because the basic version is free) is Any.run.  Any.run is "Interactive online malware analysis service for dynamic and static research of most types of threats using any environments. Replaces a set of tools for research ." There are some Word documents that the user might swear is kosher and I sometimes I detonate a file to see what it spawns. Here is a link to a file I detonated not too long ago.

• If you join (for free) the Center for Internet Security - CIS, you will get access to MCAP. MCAP is their Malicious Code Analysis Platform. You can submit a file and it will give you one of the more comprehensive reports on that particular submission.
• One of the newer platforms coming out of Israel (a LOT of good products have come out of Israeli cybersecurity community) is SNDBOX. This one is is more geared towards malware analysts because the information is very detailed for those out there that are into Malware analysis and reverse engineering (In depth signatures, process tree information and "artifacts")

Other Resources:

Here are 6 resources that provide cybersecurity information tailored for K-12 and are free:

1. CISA K-12 Resources: This website provides resources designed to help individuals and K-12 educational institutions remain secure during a time of remote and hybrid learning. It includes general cybersecurity best practices, video-conferencing best practices, and a list of available resources. [1]

2. Cybersecurity Resources - Office of Educational Technology: This website provides various technical assistance for both K-12 and higher education. Multiple offices at The Department provide resources on cybersecurity, therefore this page will serve as a way to communicate information about the topic and curate resources in one place. [2]

3. Cybersecurity for K-12 Education - CISA: This website provides a one-stop-shop for federal school safety resources, programs, and actionable recommendations for creating a safe environment where students can thrive. [3]

4. The K-12 Cybersecurity Resource Center: This website is maintained as a free, independent service to the K-12 community by the K12 Security Information eXchange (K12 SIX). It provides information about cybersecurity incidents, news, and resources. [4]

5. 5 Reliable K–12 Cybersecurity Resources | EdTech Magazine: This website provides a list of 5 reliable K-12 cybersecurity resources including the National Institute of Standards and Technology Framework and CoSN Aggregated Cybersecurity Resources. [5]

6. SCHOOLSAFETY.GOV - Cybersecurity Resources: This website offers resources, programs, and tools school communities can use to prevent, respond to, and if needed, recover from cybersecurity threats and incidents. [6]

Citations:
[1] https://www.cisa.gov/stopransomware/k-12-resources
[2] https://tech.ed.gov/cyberhelp/
[3] https://www.cisa.gov/K12Cybersecurity
[4] https://k12cybersecure.com
[5] https://edtechmagazine.com/k12/article/2022/05/5-reliable-k-12-cybersecurity-resources
[6] https://www.schoolsafety.gov/sites/default/files/2022-07/Cybersecurity%20Resources.pdf