Threat actors have taken advantage of gaps in security, brought about by hastily created remote access solutions and general oversights, but experienced teams with a deep understanding of their infrastructure have contained the damage. Let's recognise the technical staff who have kept security teams working and effective throughout.
Digital Forensics and Incident Response (DFIR) teams have gained first-hand visibility of the tactics, techniques and procedures (TTPs) employed by some of the most sophisticated cyber adversaries. DFIR teams share that information so that their organisations can stay ahead of the threats relevant to their businesses, industries and geographies.
What are the Roles and Responsibilities?
The incident response team analyses information, discusses observations and activities, and shares important reports and communications across the company. How much time is spent on each of these activities depends on whether the organisation is in a period of calm or of crisis. Even when not actively investigating or responding to a security incident, the DFIR team should review current security trends and its incident response procedures at least quarterly.
What incidents took place?
Last year's long pandemic wave ramped up existing security threats and created new ones, and many healthcare entities battled against them; some succeeded, some failed. Attackers expanded phishing and social engineering campaigns, preying on anxiety about the coronavirus or soliciting donations for supposed COVID-related causes. Other cyber-enabled financial crimes also escalated, including C-suite business email compromise, theft of personally identifiable information, ransomware and account takeovers.
That is not all: while healthcare providers were busy on the front lines treating COVID-19 patients, they were disproportionately targeted by cyber-attacks. That is when and where the Digital Forensics and Incident Response team needs to execute its plan, minimising the impact and recovering quickly. Quantifiable metrics, reliable reporting and clear communication are the best ways to keep the team front and centre in terms of executive priority and support.
Incident 01: Ransomware Attack
Maze and other ransomware groups had publicly announced that they would not attack hospitals. Nonetheless, the Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR) and published the personal details of thousands of former patients after the company declined to pay a ransom. HMR had carried out tests to develop the Ebola vaccine and drugs to treat Alzheimer's disease, and was performing early clinical trials of drugs and vaccines.
Incident 02: CMS Attacks
Every year, millions of websites across the globe fall victim to malware attacks designed to gain access to the site's backend without the administrator's knowledge, either to steal sensitive data or to cause damage, and most often for financial gain. This year, cyber-attacks rose during the first wave of the pandemic, leaving businesses to wonder whether things will settle down or whether this is the indefinite future.
The CMS platforms most attacked during COVID-19 were WordPress, Joomla, Drupal and noneCMS. According to the 2020 Global Threat Intelligence Report from Dimension Data, these CMS platforms alone were the target of approximately 20% of all observed attacks globally. A SQL injection vulnerability in Joomla was found to be the one most commonly exploited by attackers.
Incident 03: APT Group Intelligence Gathering
During the height of the first wave of the pandemic, the Global Threat Intelligence Centre (GTIC) observed advanced persistent threats (APTs), particularly those suspected of being backed by nation-states, focusing their intelligence-gathering efforts on COVID-19 research. Many nations have been attempting to gain the upper hand in COVID-19 research, both for the health of their citizens and for the monetisation of a potential treatment or vaccine.
Unfortunately, APTs have targeted the healthcare industry heavily while it is at its most vulnerable. Targets include international organisations, research organisations, hospitals, healthcare workers and first responders.
Here, AI can play a greater role. It can bring together patterns and analysis that would take a human far longer to assemble. By keeping valuable security staff from getting bogged down in manual tasks such as rudimentary data crunching, we can free them for higher-value work such as interpreting intelligence and building overall resilience strategies.