By Kamil Imtiaz at Palo Alto Networks.

With COVID-19 now a global pandemic, the rapid expansion of the remote work environment has opened up new challenges for enterprises. The attack surface is growing, providing lucrative opportunities for those who want to exploit this new norm. Hackers are accelerating their attack campaigns with original and proven techniques – often designed to take advantage of the pandemic. Whether registering new websites with coronavirus-related names or sending COVID-19 phishing emails, cybercriminals aim to lure an anxious populace into a new web of attacks.

Enterprises want to prevent these attacks and protect their remote workforce. Unfortunately, security teams are overwhelmed by a surge of alerts while managing an influx of requests from other departments and working with scarce, remote and siloed teams. They need more resources, streamlined processes and automation to take care of mundane tasks, prioritize tasks and incidents, and focus on malicious and relevant threats to their environment.

Hackers are smart and lazy. They want the most bang for their buck. Phishing is the easiest way to target victims who are always looking at the next big pandemic update. What’s better than crafting a coronavirus-themed email that appears to be coming from the CDC?

This sample COVID-19 phishing email presents itself as originating from the Centers for Disease Control and Prevention and includes language that attempts to take advantage of users' desire for updates about the pandemic.
Figure 1: COVID-19 phishing email example

As a security analyst, you can expect a lot of these types of emails flooding your employees’ inboxes across the enterprise. To put things in perspective, Google reported 18 million COVID-19 related emails in a few weeks in April 2020. It is not humanly possible to deal with this type of volume manually. There needs to be an automated way to collect, correlate, verify and document these incidents.

This is where Cortex XSOAR automated playbooks can help. Automated phishing playbooks are among the most popular use cases for Cortex XSOAR. They’re in use in our own security operations centre, reducing our phishing response time from 30 minutes down to about 10 seconds. Security teams can save time and automate their COVID-related incident workflows to run at machine speed. Employees submitting suspicious emails to infosec teams will trigger a COVID-specific playbook that will extract all the relevant indicators like URLs, domains and links. Cortex XSOAR will then compare these indicators with internal and external repositories, tag them and add them to external blocklists. Finally, Cortex XSOAR provides additional context by ingesting active threat intel feeds, making it easier and faster to respond. It’s like operating a factory assembly line, where various jobs are running, providing immediate action with speed and scale.

The diagram shows how a Cortex XSOAR automated playbook could automate responses to COVID-19 phishing emails. The flow includes the ingestion of active threat intel feeds and the triggering of the playbook, which then extracts additional context to enrich the indicator information, compares with internal lists to check for matches with either trusted or suspicious domains, and blocks the phishing email if it's determined to be malicious.
Figure 2: Cortex XSOAR COVID-19 suggested playbook flow
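
The extract-and-compare steps of the flow above can be sketched in plain Python. This is an added example, not Cortex XSOAR code or anything from Palo Alto Networks; the sample email, the `TRUSTED` and `SUSPICIOUS` lists and the verdict labels are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample of a reported message (not a real email).
SAMPLE_EMAIL = """\
From: "CDC Alerts" <alerts@cdc-gov.example>
To: employee@corp.example
Subject: COVID-19 update for your area
Content-Type: text/plain

New cases confirmed near you. Review the list:
http://covid19-updates.cdc-gov.example/cases?id=42
Official guidance: https://www.cdc.gov/coronavirus/
Donate: http://relief-fund.example/give
"""

# Assumed internal lists; real ones come from your own repositories and intel feeds.
TRUSTED = {"cdc.gov", "who.int"}
SUSPICIOUS = {"cdc-gov.example"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def in_list(host, domains):
    """Match on a label boundary so 'cdc.gov.attacker.example' is not treated as cdc.gov."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw_email):
    """Extract URL hosts and the sender domain, then tag each indicator."""
    msg = message_from_string(raw_email)
    body = "\n".join(p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)}
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    if m:
        hosts.add(m.group(1).lower())
    verdicts = {}
    for host in sorted(h for h in hosts if h):
        if in_list(host, SUSPICIOUS):      # suspicious list wins over trusted
            verdicts[host] = "block"
        elif in_list(host, TRUSTED):
            verdicts[host] = "trusted"
        else:                              # unknown: hand off to enrichment
            verdicts[host] = "needs-enrichment"
    return verdicts

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EMAIL).items():
        print(f"{verdict:17} {host}")
```

Hosts tagged `needs-enrichment` are the ones the playbook would send to threat intel lookups before deciding whether to block.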

The attackers create their own assembly line by leveraging machine learning and AI. They repurpose old proven phishing tactics and techniques at machine speed. This makes it harder for enterprises to catch up unless they counter them with the same force, combating a machine with a machine.

Watch this video to learn how Cortex XSOAR playbooks can protect your enterprise and automate responses to COVID-related phishing attacks.

View the original post by Palo Alto Networks.
