https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17615#M2094 <P><A href="https://www.cnbc.com/2018/12/29/reuters-america-cyberattack-hits-u-s-newspaper-distribution.html" target="_blank">https://www.cnbc.com/2018/12/29/reuters-america-cyberattack-hits-u-s-newspaper-distribution.html</A></P><P>&nbsp;</P><P>Above Cyber attack prove that most of the Cyber attack are happen during long week end.</P><P>&nbsp;</P><P>During long week end we should be more vigilant on below point.</P><P>&nbsp;</P><P>Disabled Wi-Fi Dhcp Pool. considering remote location as well gust Wi-Fi.&nbsp;</P><P>Ask SOC Team to monitor all gateway equipment like IPS/E-mail gateway etc.</P><P>Monitor permiter network whether all DMZ servers updated with latest AV definition and OS patch.</P><P>Check with external feed whether there is any zero day vulnerability exist.&nbsp;</P> Sun, 06 Jan 2019 16:01:33 GMT paul200310 2019-01-06T16:01:33Z https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17615#M2094 <P><A href="https://www.cnbc.com/2018/12/29/reuters-america-cyberattack-hits-u-s-newspaper-distribution.html" target="_blank">https://www.cnbc.com/2018/12/29/reuters-america-cyberattack-hits-u-s-newspaper-distribution.html</A></P><P>&nbsp;</P><P>Above Cyber attack prove that most of the Cyber attack are happen during long week end.</P><P>&nbsp;</P><P>During long week end we should be more vigilant on below point.</P><P>&nbsp;</P><P>Disabled Wi-Fi Dhcp Pool. considering remote location as well gust Wi-Fi.&nbsp;</P><P>Ask SOC Team to monitor all gateway equipment like IPS/E-mail gateway etc.</P><P>Monitor permiter network whether all DMZ servers updated with latest AV definition and OS patch.</P><P>Check with external feed whether there is any zero day vulnerability exist.&nbsp;</P> Sun, 06 Jan 2019 16:01:33 GMT https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17615#M2094 paul200310 2019-01-06T16:01:33Z https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17619#M2095 <P>Which tells you a lot, whilst the employees of the business go on a well deserved break.&nbsp; The bad guys are opportunists, they have all the available time and luxury of giving it a go, and many times they will succeed.&nbsp;&nbsp; We as the defenders need to up our game in 2019.</P><P>&nbsp;</P><P>73</P><P>&nbsp;</P><P>Cautim_cautim</P> Sun, 06 Jan 2019 18:37:31 GMT https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17619#M2095 Caute_cautim 2019-01-06T18:37:31Z https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17641#M2098 <P>I firmly believe that attackers are prepared months in advance and are just waiting for the perfect opportunity.&nbsp; While everyone enjoys their time off, they are hatching their well-thought plans.</P> Mon, 07 Jan 2019 16:31:31 GMT https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17641#M2098 dreastans 2019-01-07T16:31:31Z https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17711#M2102 <P>&nbsp;</P><P>On 31st December 2018&nbsp;we experienced an attack on&nbsp;a&nbsp;web-servers, the response to which required a change on our firewall,&nbsp;which was communicated to the&nbsp;MSSP handling our security devices. Effecting it&nbsp;took longer than expected,&nbsp;courtesy of the MSSP's staff enjoying New Year's Eve.</P><P>&nbsp;</P><P>All this occurred on a weekday ---&nbsp;so at least it didn't&nbsp;ruin my weekend...&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 08 Jan 2019 14:49:19 GMT https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17711#M2102 Shannon 2019-01-08T14:49:19Z https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17722#M2103 <P>May this kind actor being activated month back and well planned...</P><P>Firewall rule rationalization most important prior such long holiday.....Identify Firewall posture as well.....</P><P>Another important thing we focus on network based IPS but often forgot to apply Host based IPS.......Remove default IPS/HIPS policy create new filter based on recent threat vector...</P><P>End point Security, Advanced end point Security no more helpful understand such unknown variant of malware without proper research....</P><P>As an example some encrypted file not scan by AEP recorded sample....</P><P>another recorded example encrypted file scan by AEP but taking long....&nbsp; &nbsp;&nbsp;</P><P>&nbsp;</P><P>In fast example heuristic method not working and second example&nbsp;heuristic method working but taking so long..process slow indeed.</P><P>&nbsp;</P><P>Check this below link if it is help beyond SIEM ingratiated SOC......</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://github.com/PaloAltoNetworks/minemeld" target="_blank">https://github.com/PaloAltoNetworks/minemeld</A></P><P>&nbsp;</P> Tue, 08 Jan 2019 18:52:19 GMT https://community.isc2.org/t5/Industry-News/Cyber-attack-during-long-week-end-example/m-p/17722#M2103 paul200310 2019-01-08T18:52:19Z