paul200310
Newcomer III

Cyber attack during long week end example

https://www.cnbc.com/2018/12/29/reuters-america-cyberattack-hits-u-s-newspaper-distribution.html

The above cyber attack proves that most cyber attacks happen during long weekends.

During a long weekend we should be more vigilant on the below points.

Disable the Wi-Fi DHCP pool, considering remote locations as well as guest Wi-Fi.

Ask the SOC team to monitor all gateway equipment, like the IPS, e-mail gateway, etc.

Monitor the perimeter network to check whether all DMZ servers are updated with the latest AV definitions and OS patches.

Check with external feeds whether any zero-day vulnerability exists.

Cyber
4 Replies
Caute_cautim
Community Champion

Which tells you a lot, whilst the employees of the business go on a well-deserved break. The bad guys are opportunists; they have all the available time and the luxury of giving it a go, and many times they will succeed. We as the defenders need to up our game in 2019.

73

Cautim_cautim

dreastans
Newcomer III

I firmly believe that attackers are prepared months in advance and are just waiting for the perfect opportunity. While everyone enjoys their time off, they are hatching their well-thought-out plans.


---
Andrea Stansbury- CISSP
Shannon
Community Champion

On 31st December 2018 we experienced an attack on a web server, the response to which required a change on our firewall, which was communicated to the MSSP handling our security devices. Effecting it took longer than expected, courtesy of the MSSP's staff enjoying New Year's Eve.

All this occurred on a weekday --- so at least it didn't ruin my weekend... 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
paul200310
Newcomer III

Maybe this kind of actor was activated a month back and was well planned...

Firewall rule rationalization is most important prior to such a long holiday. Identify the firewall posture as well.

Another important thing: we focus on network-based IPS but often forget to apply host-based IPS. Remove the default IPS/HIPS policy and create new filters based on recent threat vectors.

Endpoint security, even advanced endpoint security, is no more helpful in understanding such unknown variants of malware without proper research.

As an example, in one recorded sample an encrypted file was not scanned by AEP at all.

In another recorded example, the encrypted file was scanned by AEP but it took a long time.

In the first example the heuristic method was not working, and in the second example the heuristic method was working but took so long that the process was slow indeed.

Check the link below to see if it helps beyond a SIEM-integrated SOC:

https://github.com/PaloAltoNetworks/minemeld

Cyber