Facebook Image TrustPeers Resource - Incident Response Threat Intelligence Insights june 2021 TrustPeers Description Image

Incident Response’s threat Intelligence insights June 2021

How working from home affected cyber Incident Response plans and how to handle a cyber security emergencies remotely?

Author: TrustPeers team 3 Min read | June 26, 2021

By March 2020, the COVID-19 outbreak had already reached more than 100 countries and was officially designated a pandemic. The world has now been fighting this unprecedented virus for a whole year. In addition to its obvious effects on individuals’ health and entire countries’ economies, the disease’s spread triggered sudden and radical changes in the daily life of millions of people. Work and study moved to the home, and videoconferencing replaced social and business meetings. The massive shift online has only exacerbated cybersecurity concerns. See https://www.kaspersky.com/blog/pandemic-year- in-infosec/39123

Ghost Hacker Image
Working from home

Many companies did not provide their employees with corporate equipment. Instead, they allowed staff to work and connect to the office IT infrastructure from home devices, which in many cases are poorly protected. According to a survey made by Kaspersky, 68% of respondents worked at home using their personal computers. In the fall, another survey was conducted and showed that even more people were in this position. About 80% of people surveyed used their home computers for work, even though more than half (51%) of respondents were provided with the necessary equipment by their employers.

Remote workers also used their personal devices for entertainment, playing online games (31%) and watching movies (34%). However, many also used company laptops and smartphones for unintended purposes. For example, 18% of respondents used them to view adult content. Cybercriminals have actively exploited the increased interest in online entertainment by trying to lure users to fake sites and persuade them to download malware disguised as a movie or an installation file. A total of 61% of users surveyed in the fall admitted that they downloaded software from torrent sites, 65% used such sites for music and 66% for movies.

Cybercriminals and COVID-19 meet

This upheaval created opportunities for cybercriminals, as they exploited these situations in executing their malicious intents. This is not the first time that cybercriminals have taken advantage of the current and significant events to lure more victims, as there were instances from the past years that shows how they utilize these happenings to spread malware. An example of which was the 2018 FIFA World Cup wherein cybercriminals created a fake FIFA partner website to gain access to victim’s bank accounts and drop a malicious file into the victim’s machine. See https://www.gdatasoftware.com/blog/global-pandemic-remcos-tesla-netwire

While working from home does not sound like too bad of an idea, it introduced a large collection of regulatory issues, as well as made the process of dealing with these issues much more difficult: meetings are taking place on remote systems, files are being shared on online 3rd party platforms, Instant Messages applications are being used to discuss sensitive topics.

Considering that these are the ways of communication the employees have with each other, it becomes nearly impossible to properly handle cyber security threats in the organization, since the way of communication is the problem to begin with.

Incident Response plan in 2021

The beginning of 2020 has been appalling for most parts of the world being affected by Coronavirus disease 2019. This brought about a change in the everyday life of every individual in every country striving to sustain their daily tasks while simultaneously preventing further infection. Given this situation, businesses and schools have opted to transition to a ‘virtual setting’ wherein a job can be done remotely and school discussion as well as office meetings can be held via conference calls using applications like Zoom, Skype or Microsoft Teams. There has been a surge in demand for platforms for video and audio conferencing, chat and webinar solutions.

Most common cause of Data Breaches in 2021
  • Phishing Attacks

    Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message containing malicious content.

    With the rise in numbers of people infected by COVID-19 all over the world, cybercriminals work their way to increase the number of spam emails and phishing links related to COVID-19 proliferating in the cyberworld as well. They even made their cyberattacks more diverse in a way that they not only send spam emails with malicious attachments, but also created fake websites with fake COVID-19 related contents for victims to freely access like coronavirus- map[.]com (website is already unreachable at the time of writing). Some of these fake websites contain fake information regarding the current world statistics of COVID-19 cases. These fake websites often contain malicious cryptomining related contents known as cryptojacking which can harm the user’s system by utilizing the system’s resources to earn digital money such as Bitcoin for the malicious actor’s gain without the user’s consent.

    While some cybercriminals choose to explore new ways with their approach in pursuing their cybercrimes, some opt to carry on with the old ways like spam emails but with improved contents to make their attacks more successful.

So how do you handle a cyber security emergency remotely?

During a cyber-attack, every second counts in the race to ward off the attackers, protect your systems and recover or reverse whatever damage may have already been caused before you realized you were even in danger.

TrustPeers offer a unified, secured and remoted war rooms platform centralizes the information and provides customizable privileged access to team members, executives, vendors, and on demand experts. Multiple war rooms can be run simultaneously, with a semi-automated AI assistance agent, communication and activities recording, and automated reporting.

By providing location agnostic, secure communication between stakeholders across multiple war rooms, each with its unique passcode and permissions, TrustPeers enable secured-by-design incident process.

The incident response plan modules include Immediate access to bank of predefined playbooks covering the most frequent attack scenarios:

  • Phishing
  • Business Email Compromise
  • Whaling
  • Ransomware
  • IO insertion
  • Data Leakage
  • Data Leakage (DPO)
  • Fraudulent Financial Transaction • Admin Password BF
  • Unauthorized Domain Admin
Stay Safe with Cyber Crisis Management solutions

TrustPeers offers a simple solution to this exact problem, by providing a secure platform where businesses can quickly and easily access professional cyber sessions 24/7, provided by leading cyber experts from all over the world, all pre-screened, rated and categorized according to their skill sets.

In addition to the easy access to a variety of experts and sessions, at TrustPeers you can benefit from some innovative solutions for all your security needs, including instant emergency solutions that can prevent disaster in case of an immediate risk or threat.

TrustPeers proprietary crisis management SaaS platform is based on a unique PPRP (Planning, Practice, Response, Post) methodology that revolutionizes existing Incident Response (IR) solutions by handling the entire incident lifecycle. Tel Aviv-based since 2019, TrustPeers is led by co-founders Eli Cohen and Aviv Katz who are keen to disrupt the cyber market by offering a CISO-friendly, SaaS self-learning IR solution.

Meet TrustPeers

TrustPeers is an Incident Response technology company. It develops an innovative Cyber Crisis Management platform that saves organizations in real time, by allowing them to prepare for attacks and take control over cyber emergencies.

Our proprietary crisis management SaaS platform is based on a unique PPRP (Planning, Practice, Response, Post) methodology that revolutionizes existing Incident Response (IR) solutions by handling the entire incident lifecycle.

For more information contact us.

More Resources