Threat actors' use of AI and large language models (LLMs) is accelerating the pace of ransomware and other cyberattacks, making it increasingly challenging for organizations to respond effectively, according to Josh McCarthy, chief product officer at cybersecurity startup Arms Cyber.
The problem is that most anti-malware solutions – including those protecting against ransomware – are passive in how they work, relying on detecting when an attack occurs and responding to it, McCarthy told MSSP Alert. They are also focused on stopping known malware, which doesn’t sufficiently address zero-day attacks.
But bad actors are shifting to tactics that complicate detection and response, increasingly leveraging AI, zero-day variants, and living-off-the-land (LOTL) techniques—making it harder for defenders to stay ahead of evolving malware and its behavioral patterns.
This is contributing to the large number of ransomware attacks happening now, he said.
To counter this, Arms Cyber has developed an automated moving target defense (AMTD) solution that uses diversion and deception to make it harder for threat actors to launch ransomware attacks.
“Preemptive protection pushes the emphasis back to including secure-by-design principles into the operating system, focusing on blunting the ability for attackers to cause damage and increasing resilience of critical systems no matter if the ransomware strain is known or unknown,” McCarthy said.
Expanding the Capabilities
The Fulton, Maryland-based vendor, which launched in 2020, is building on its solution and introducing new preemptive capabilities like Stealth Directories and support for Linux operating systems, expanding beyond Windows-based systems.
The company views its AMTD platform and its capabilities as complementary to traditional endpoint detection and response (EDR) and antivirus solutions, which its executives say are important but not sufficient in addressing the evolving threat landscape.
“We specifically focus on leveraging the core tenets of hiding, movement, and distraction to enable a zero-trust policy for file accesses to ensure that attackers won't be able to discover, manipulate, or exfiltrate critical data and impact applications,” McCarthy said.
The goal is to counter cybercriminals’ ability to exploit gaps in a target’s defenses, which they often follow with file-based, in-memory, and living-off-the-land (LOTL) attacks that mimic legitimate activity. This makes detection challenging and leads to a high rate of false positives.
Closing Info Access, Supporting Linux
Using LOTL tactics, bad actors create patterns that deviate from a company’s normal operating procedures, which Arms Cyber addresses with zero-trust policies designed to sniff out such intrusions and reinforce the prevention policies against them.
Arms Cyber also wants to make it harder for bad actors to access the information they need about their targets to launch successful attacks. The vendor is integrating its new Stealth Directories at the endpoint, delivering the capability to hide files and keep the information away from attackers.
According to the company, extending support to Linux environments was crucial because many servers run on open source OS variants and an estimated 96% of the top million web servers use Linux. The Linux version of Arms Cyber’s offerings includes protection for Linux-based servers and data storage and legacy platforms that don’t support advanced malware protection.
The Value of MSSPs, Other Partners
McCarthy said Arms Cyber is a channel-first company that sees its partners as more than a route to the market.
“Partners are essential to our go-to-market strategy, enabling us to deliver localized support, industry-specific expertise, and end-to-end service for a range of client environments,” he said. “We rely heavily on the channel because it provides the agility and breadth to serve a diverse customer base without compromising on quality or security. It allows us to remain focused on our core capabilities – product innovation and cyber defense – while our partners help drive adoption and implementation.”
For customers, MSSPs and MSPs are extensions of their internal security teams, implementing Arms Cyber tools in real-world environments.
Evolving Cybercrime Environment
Cybersecurity services company Syngia in a report earlier this month revealed that the number of ransomware attacks in 2024 increased 11% year-over-year, to 5,414, peaking in the fourth quarter. However, blockchain analysis firm Chainalysis highlighted that the amount of ransom paid in the second half of the year tailed off significantly due in part to law enforcement initiatives that disrupted some high-profile operations like LockBit and BlackCat/ALPHV early in 2024.
For the whole year, ransom payments amounted to $813.55 million, a drop from the record-setting $1.25 billion for 2023.
Syngia executives stressed the shifting ransomware environment, stating that “2024 took things to a whole new level. Cybercriminals weren’t just targeting big corporations anymore, they went after hospitals, financial institutions, and even government agencies. Attackers used more advanced encryption, applied ruthless extortion tactics, and hit industries that were least prepared for disruption.”
Adding Executives, Open Resources
Over the past year, Arms Cyber has aggressively added to its leadership team, bringing in McCarthy and others in strategic roles, including strategic advisor, vice president of engineering, chief revenue officer, and chief marketing officer.
It has also announced a number of partnerships, including Solid Border and DigitalEra Group. In December, Arms Cyber released a free community edition of its technology – called ACE – and an open source repository as well.