We are currently in the midst of a global crisis produced by the coronavirus pandemic and the world as we know will probably change. In times of crisis, cybersecurity is increasingly relevant and we need to pay extra attention to the rise in cybersecurity attacks perpetrated by different adversaries, such as cybercriminals or nation-state sponsored groups, as they look to capitalise on the situation. All verticals are affected, but the manufacturing, pharmaceutical, travel, healthcare, and insurance industries now seem to be the main target. Banking is another sector where fraud attempts are on the rise. In this scenario, social and labour changes related to confinement add a new challenge to security teams, and this situation is forcing organizations to adapt to rapidly evolving security requirements. The sudden transition to remote work has increased the vulnerabilities and has brought a wider digital perimeter to protect: remote connectivity systems, virtual private networks, virtual desktop servers, remote desktop connections, file sharing, FTP servers and several more. From now on, we can expect a shift in both the corporate security and the compliance approach, with the aim of supporting a workforce that has become more remote than ever before.
Cybercriminal activity is expected to rise as the economic slowdown continues
As in other areas of Threat Intelligence, this study and modeling of attacks and attackers can be separated into several levels:
- Legions of new remote workers exposed to spear-phishing campaigns due to human error, such as clicking on phishing links or falling for social engineering schemes.
- An overwhelming number of alerts raised by automatic threat detection based on rules, AI, UEBA, etc. that need to deal with a new baseline of network traffic and behavior anomalies. These alerts will flood the Security Operation Center and the triage of such alerts can be a problem.
- Unfortunately, because of the volatile economy & job market at the moment, an increasing number of insiders and ex-employees may attempt to exfiltrate data for profit. IT workers who have recently found themselves jobless have the technical abilities needed to steal data or commit fraud, along with specific knowledge of their former employer’s IT systems.
How can Cyber Deception Technology Help in this Situation?
CounterCraft has prepared specific security packs to face these new cybersecurity scenarios and challenges, to which companies are exposed during the health crisis. We propose detection and reaction to cybersecurity incidents, as well as obtaining the necessary information and intelligence about attacks in a remote work scenario (VPN), as well as for cases of spear phishing and credentials theft. In addition, the company offers its support and solutions on a voluntary basis to the health services that might require it.
How can we help organisations?
- The CounterCraft Cyber Deception solution can be a great accelerator for detection and response teams, as it produces high fidelity alerts that can be leveraged by the security departments to react and respond in a more accurate and timely manner.
- Custom deception campaigns deployed and managed using CounterCraft avoid the generation of false positives, alleviating some burden from SOC departments. Less time to triage the alerts means more time to react.
- Following Darwin’s quote: “It is not the strongest of the species that survives, nor the most intelligent, but the one most responsive to change”. CounterCraft allows the organizations to adapt to the forthcoming challenges by being able to define and easily deploy specific deception campaigns as the situation requires, all in a timely manner.
- According to Gartner, deception is simple, inexpensive and it works: it reduces the detection time x12 and improves dwell time in more than 90%. CounterCraft is recognized by Gartner as one of the most competitive, flexible and forward-thinking cyber deception solutions in the market.
- CounterCraft provides a catalogue of 25 ready-made deception campaigns, including the cases mentioned above like spear phishing, data exfiltration, SWIFT attack, lateral movement detection, etc.
Advanced intelligence gathered by the campaigns, enriched and matched against MITRE ATT&CK™ provides the security teams with formidable insight on the main questions about What, Who and How attackers are proceeding against the organization. This actionable intelligence enriched and delivered as Threat Data, TTPs and IOCs from the adversaries can be shared immediately with your current cybersecurity solution ecosystem including SIEM, SOAR, MISP, Sandbox, and others.
Whatever the future might bring, organisations and people will find ways to adapt to the situation. As far as cybersecurity is concerned, CounterCraft will keep on evolving and supporting different sectors against advanced adversaries. Do you want to know how? Schedule a demo here.