CISA, the Cybersecurity and Infrastructure Security Agency, announced it would discontinue key cybersecurity tools this week. Staff in the agency’s threat hunting division received notification that they would cease using VirusTotal by April 20 and had already halted Censys in late March. These tools are crucial for identifying malicious files, URLs, and vulnerable services across federal networks, but CISA plans to find alternatives soon to minimize operational disruptions. The loss of these tools has raised concerns about the agency’s ability to effectively respond to cyber threats.
VirusTotal is a widely-used malware analysis platform that aggregates findings from various antivirus engines, assisting threat hunters.
The tool’s API is essential for detecting malware automatically, enabling rapid analysis of suspicious files. Similarly, Censys scans the internet for exposed devices, which helps identify vulnerable configurations in federal networks. Censys was integral to tracking these vulnerabilities, and its loss leaves a significant gap in the agency’s monitoring efforts.
CISA’s decision has affected more than just software tools, as contractors from Nightwing and Peraton were required to surrender their phones. These contractors had been supporting CISA’s threat hunting operations, which actively searched for indicators of compromise within civilian federal networks. The disruption is concerning for industry experts, as the tools used by CISA’s threat hunters are essential for efficiently identifying and responding to potential cybersecurity incidents.
This announcement follows another controversy earlier in the year when CISA briefly indicated it would stop supporting the CVE Program, which tracks cybersecurity vulnerabilities. The agency later reversed the decision and extended its contract. This ongoing uncertainty and disruption in CISA’s operations raise concerns about its ability to maintain effective cybersecurity defense strategies amid the reductions.
Reference: