The Cybots team would like to express its profound gratitude to all first responders, healthcare workers, and law enforcement worldwide for sacrificing their safety to keep the rest of us safe and healthy. In addition, our hearts go out to those whose loved ones have been affected by COVID-19, and those who cannot be near their sick loved ones due to quarantine restrictions. We are all in this together.
The COVID-19 pandemic has led to a worldwide work-from-home experiment spiking the sales of laptops and teleconferencing software around the world. While some organizations are experienced in employing and managing a remote workforce, other entities have been forced to quickly adapt without solidifying the proper procedures, policies, and security needed. As a result, cybercriminals and APT (advanced persistent threat) groups have altered their behavior to take full advantage of this new environment.
Despite this change in environment, many threat actors still rely on phishing as a key vector for initial access. Successful phishing attacks typically play on the victim’s behavioral response to greed, fear, or recent trends. We have observed an increase in threat actors exploiting the COVID-19 pandemic in phishing emails, links, and images promising new information, updates, cures, or COVID-19-related tools or medical equipment. We strongly suggest you get pandemic updates directly from reliable and trusted sources, such as the Johns Hopkins COVID-19 Resource Center or your local government’s equivalent of the CDC.
However, good cyber hygiene is only the first step. Due to the sudden shift to a work-from-home environment, highly adept cybercriminals and APT groups have found new ways of bypassing organizations’ preventive security solutions even when VPNs are used.
4 key areas to keep your organisation secure
As more remote endpoints are added to your organization (be they newly purchased or employees’ personal computers), you need a way to secure your organization when uncontrolled endpoints VPN directly into your internal network. Personal computers are often less secure than office computers (whether they are Mac, Windows, or Linux); they could have anything on them, including unknown threats, such as malware from a COVID-19-themed phishing attack.
Additionally, perimeter firewalls and other preventive security measures cannot stop those threats: a VPN carries the remote host’s traffic through the perimeter and makes it a member of the internal network, so whatever is already on that host arrives with it. This opens up an alluring attack route: unsecured endpoints with direct access to the internal network. While VPN encryption is extremely useful for organizations with a remote workforce, VPNs can open up unintended security holes unless the endpoints on the other end are monitored.
Throughout 2019 and early 2020, multiple companies along the entire supply chain of the Taiwan high-tech ecosystem were victims of APT attacks, which we dubbed Operation Skeleton Key.
In Operation Skeleton Key, the attackers bypassed firewalls and other preventive security by abusing the fact that a VPN places remote computers on the internal network. Once inside, a fileless attack patched the memory of Windows Domain Controllers to create a digital skeleton key: a secondary password, injected in memory and never written to disk, that granted them administrative access to any machine in the domain while legitimate users continued to log in normally. This is a true security nightmare.
Defending against this type of fileless attack requires not only performing regular memory forensics on domain controllers but also knowing what to look for, because nothing is left on disk for a file scanner to find. Fortunately for our MDR customers, our MDR immediately detected the initial steps of Operation Skeleton Key’s attack and prevented a massive data breach from occurring.
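One thing to look for, as an added example that is not code or an indicator from the page’s own investigation: the publicly documented skeleton-key LSASS patch only works when Kerberos falls back to RC4-HMAC, so an account that normally receives AES tickets and suddenly obtains a TGT with RC4 is worth a closer look. The script below implements that heuristic over constructed Windows Security event 4768 records (TGT requested); the field names follow that event, the sample events and IP addresses are invented, and the detection logic is the editor’s, not the vendor’s.

```python
"""Hunt for Kerberos encryption-type downgrades in domain controller logs.

Added example. The heuristic (AES account suddenly issued an RC4 TGT) comes
from public skeleton-key write-ups, not from this page. Field names mirror
Windows Security event 4768; the events below are constructed sample data.
"""

AES_ETYPES = {"0x11", "0x12"}   # AES128 / AES256-CTS-HMAC-SHA1-96
RC4_ETYPE = "0x17"              # RC4-HMAC
KDC_SUCCESS = "0x0"             # Result code for a ticket that was issued

# Constructed sample: alice normally gets AES TGTs and then succeeds with RC4
# from a new host; bob is a legacy RC4-only account; carol fails authentication.
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "10.0.1.21",
     "TicketEncryptionType": "0x12", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "bob", "IpAddress": "10.0.1.40",
     "TicketEncryptionType": "0x17", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "alice", "IpAddress": "10.0.1.21",
     "TicketEncryptionType": "0x12", "Status": "0x0"},   # service ticket, ignored
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "10.0.9.77",
     "TicketEncryptionType": "0x17", "Status": "0x0"},   # the downgrade
    {"EventID": 4768, "TargetUserName": "carol", "IpAddress": "10.0.9.77",
     "TicketEncryptionType": "0x17", "Status": "0x18"},  # bad password, ignored
]


def find_etype_downgrades(events, known_aes_accounts=()):
    """Return (account, source_ip) pairs for successful RC4 TGT requests made
    by accounts that are known to use AES.

    known_aes_accounts seeds the baseline (for example, accounts whose
    msDS-SupportedEncryptionTypes allows AES). An account also joins the
    baseline as soon as a successful AES TGT for it appears in the stream, so
    the events should be passed in chronological order.
    """
    aes_seen = {name.lower() for name in known_aes_accounts}
    hits = []
    for ev in events:
        if ev.get("EventID") != 4768 or ev.get("Status") != KDC_SUCCESS:
            continue
        user = ev["TargetUserName"].lower()
        etype = ev["TicketEncryptionType"].lower()
        if etype in AES_ETYPES:
            aes_seen.add(user)
        elif etype == RC4_ETYPE and user in aes_seen:
            hits.append((user, ev["IpAddress"]))
    return hits


def summarize(hits):
    """Group downgrade hits by account so one noisy host stands out."""
    by_account = {}
    for user, ip in hits:
        by_account.setdefault(user, set()).add(ip)
    return {user: sorted(ips) for user, ips in by_account.items()}


if __name__ == "__main__":
    for user, ips in summarize(find_etype_downgrades(SAMPLE_EVENTS)).items():
        print(f"RC4 TGT issued to AES account {user} from {', '.join(ips)}")
```

On a real domain controller the input would be the 4768 events exported from the Security log (for example with `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4768}`), and the seed list would come from the directory rather than being inferred. Treat a hit as a lead, not a verdict: legacy clients, accounts deliberately restricted to RC4, and trusts that only support RC4 all produce the same pattern, so a hit is the cue to pull memory from the domain controller and inspect LSASS, which is the memory forensics the paragraph above calls for.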
The COVID-19 pandemic and its aftermath will continue to affect our working and private lives for a long time. As this crisis continues, some organizations and their employees may be forced to make tough decisions regarding the security of information versus the safety of their workforce. No one should be in this position.
Cybots’s AI-driven digital forensics are uniquely suited to provide organizations assistance in keeping their networks, data, and devices secure while their employees can safely work from home. Cybots is committed to helping organizations transition from their Work From Home environment into a Secure From Home environment.
Cybots’s lightweight Secure From Home solution combines both NGAV (for prevention) and our MDR (managed detection and response) in one lightweight sensor. You can rest assured that your work from home employees and your whole organization will be secure in this time of crisis from even the most advanced cyber threats on the planet.
With our all-in-one agent and cloud platform, your organization will get:
- NGAV: Real-time blocking of known & suspicious threats
- MDR: Detection of the most advanced threats on the planet, with full forensic analysis and response, measured in minutes
  - Threat intelligence
  - UEBA analysis
  - Remediation playbooks
- Reporting & Visibility:
  - System Forensics (caches, logins, scheduled jobs, auth/event logs & more)
  - Process, memory, and file inspection
  - MITRE ATT&CK mapping
  - Hidden device reporting
  - Full storylines of any and all malicious activity
  - True root cause analysis
  - Malicious domain, IP, URL analysis
  - Suspicious user accounts analysis
  - Malware analysis
  - Graphs of all affected nodes and executions
  - A plan for eradication and eradication confirmation
Even when individual endpoints are not connected to your organization’s network, you will still experience NGAV and single-endpoint MDR. Stop wasting your time panicking about remote endpoint security. Stop querying your SIEM or EDR for C2 and AV logs for all the new endpoints coming in. Stop wasting time on prioritization and investigations. Start getting secure now. It’s fast and easy.
We make use of the latest advances in AI, such as GANs, deep reinforcement learning, and UEBA, to analyze forensic evidence from multiple layers (artifact, endpoint, user, network, and threat intelligence) in order to prevent malware, breaches, data loss, and the other incidents that malicious threat actors cause.
Windows: 7/8/10, Server 2008–2019
Mac: macOS 10.10–10.15
Linux: Ubuntu 9.10–18.04, Debian 7.0–9.0, RHEL 6.0–8.1, CentOS 6.0–8.0
We know the combination of COVID-19 and the sudden transition to WFH has been tough on everyone. That is why we are offering 30 days of free MDR for our current customers’ WFH endpoints from March 26th until June 30th. New clients in government, health care, or high-tech will receive three free months of our Secure From Home service and a complimentary Enterprise Health Check. This means you have unlimited WFH licenses for your organization until then. Contact your Cybots representative via your work email to get started right now, or reach out to contact@cybotsai.com.
For more information on our platform, how we defeat APTs in the wild, or the latest in Cybots security news, follow us on LinkedIn, Facebook and our website at Cybotsai.com.