Thursday, February 6, 2025
HomeAmazon AWSAWS Launches Mithra To Detect Malicious Domains Across Systems

AWS Launches Mithra To Detect Malicious Domains Across Systems

Published on

SIEM as a Service

Follow Us on Google News

Amazon’s e-commerce platforms and cloud services form a digital ecosystem requiring a strong cybersecurity framework.

Amazon, which has a vast online presence covering multiple domains and services, is at great risk of being attacked by advanced cyber threats.

For this reason, Amazon uses an innovative mixture of the latest technologies and old security measures to protect against these vulnerabilities.

Besides this, recently, AWS launched Mithra to detect malicious domains across systems.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

AWS Launches Mithra

Detecting and responding to cyberattacks in real-time using its global cloud infrastructure is what AWS does best.

MadPot, a global honeypot network, and Mithra, a massive neural network graph model with 3.5 billion nodes, are some of the AI-based tools that it uses for this purpose.

By handling trillions of DNS requests per day, they can identify an average of 182,000 new malicious domains each day, which in most cases precedes third-party feeds by months.

As such, this high-definition threat intel can be seen in Amazon GuardDuty and other services, as well as automatically protecting millions of customers’ AWS accounts against next-gen cyber threats.

In the following ways, the Mithra can be used:-

  • Use a high-confidence list of malicious domains in GuardDuty for protection.
  • Block malicious domains and receive threat alerts with GuardDuty.
  • Reduce false positives with Mithra’s scores in third-party threat feeds.
  • Mithra’s scores can be used by the AWS security analysts for additional context in investigations.

Mithra acts like a huge pipe that swallows up data since it can process 200 trillion DNS requests each day in a single Amazon Web Services region. 

This platform, which utilizes machine learning, detects about 182,000 new malicious domains per day due to Amazon’s vast network, which handles 25% of global internet traffic. 

Mithra has built-in responses to bad signals left by attackers without human interference, which increases its efficiency. 

It also integrates with multiple AWS security services, such as WAF and Amazon GuardDuty, leading to full coverage.

Proactively protecting both customers and non-customer organizations, AWS actively uses its wealth of threat intelligence.

AWS’s affected parties are alerted to such potential compromises as vulnerabilities and misconfigured systems which AWS identifies promptly at times making them first aware of such issues.

Further details regarding the alerts include actionable recommendations like blocking specific domains, implementing security patches, or conducting forensic investigations.

That means companies can prevent attacks rather than simply reacting to events in this way.

Moreover, AWS encourages a collaborative security ecosystem that enables informed entities to share IOCs as well as attack vectors such as social engineering techniques, phishing campaigns, zero-day exploits, and remote code execution methods.

By enabling this kind of information sharing between it and other organizations in response to threats, AWS’s threat intelligence is enhanced further.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Hackers Exploit 3,000 ASP.NET Machine Keys to Hack IIS Web Servers Remotely

Microsoft has raised alarms about a new cyber threat involving ViewState code injection attacks...

Abyss Locker Ransomware Attacking Critical Network Devices including ESXi servers

The Abyss Locker ransomware, a relatively new but highly disruptive cyber threat, has been...

Weaponized SVG Files With Google Drive Links Attacking Gmail, Outlook & Dropbox Users

A new wave of phishing attacks is leveraging Scalable Vector Graphics (SVG) files to...

Flesh Stealer Malware Attacking Chrome, Firefox, and Edge Users to Steal Passwords

A newly identified malware, Flesh Stealer, is rapidly emerging as a significant cybersecurity threat...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Abyss Locker Ransomware Attacking Critical Network Devices including ESXi servers

The Abyss Locker ransomware, a relatively new but highly disruptive cyber threat, has been...

Weaponized SVG Files With Google Drive Links Attacking Gmail, Outlook & Dropbox Users

A new wave of phishing attacks is leveraging Scalable Vector Graphics (SVG) files to...

Flesh Stealer Malware Attacking Chrome, Firefox, and Edge Users to Steal Passwords

A newly identified malware, Flesh Stealer, is rapidly emerging as a significant cybersecurity threat...