COVID-19 Intelligence Briefing: What Makes You Vulnerable?

TruSTAR recently held an intelligence briefing with leaders from IBM X-Force IRIS, BAE Systems, and Intel471 to discuss the threatscape surrounding the COVID-19 pandemic. This briefing is part of a larger COVID-19 OSINT Project to track and share vetted observables related to COVID-19 phishing and malware exploits. You can request access to this OSINT Community here.

Below, we have edited and condensed parts of the panel Q&A. To view the full webinar and hear more about the latest intelligence surrounding COVID-19, click here.

COVID-19: How Remote Working Makes You Vulnerable

Patrick Coughlin, Co-Founder & CEO, TruSTAR Technology:

Nick, what impacts are you seeing across your enterprise customers and IBM at large?

Nick Rossman, Research & Operations Lead, IBM X-Force IRIS Intelligence:

I think the transition to remote work really changed how security professionals are working. If you're in a SOC right now, and you're working remotely, it's more important than ever to tie your data together to make sure your teams are working in multiple ways so that you're managing data flows.

Patrick Coughlin, Co-Founder & CEO, TruSTAR Technology:

Maurits, what do you think the impact of working from home has on all of this? What is the impact on the adversary?

Maurits Lucas, Director of Intelligence, Intel471:

There is an enormous amount of people that are suddenly working remotely, meaning that a lot of our organizations are suddenly having to spin up infrastructure and facilities to allow for remote work to happen. Bad actors can try and gain access to organizations and networks through these legitimate remote access facilities, so suddenly the total addressable market has become a lot larger.

My top tip, if you are spinning up any kind of remote VPN infrastructure, is to make sure that it is completely and utterly patched to the hilt and that two-factor authentication is on everything.

We have seen some discussions that bad actors run so rampant across healthcare that some of them are now saying that it is unethical to ransom or to encrypt an entire hospital. So there is, you could say, honor amongst thieves sometimes. At the same time, I think the good news is that COVID-19 impacts their operations as well as them personally. They need to isolate and work from home as much as the rest of us.

I think as a criminal enterprise, it's a very silly idea to have an official office, so usually they're already very flexible in where they work from, but at the same time we’ve seen some discussions where adversaries actually have COVID-19. We also see actors who are engaged in skimming saying that their takings are way down, because the general population is stuck at home so they’ve got nowhere to swipe our information from. People going out to take money out of ATMs is difficult when countries are in lockdown and you can get very probing police questions for just being out on the street. They're not really conducive to going out and jackpotting an ATM or anything. So it's impacting them in those ways, as well.

Patrick Coughlin, Co-Founder & CEO, TruSTAR Technology:

Adrian, are you seeing different types of adversaries becoming more or less active in the wake of COVID?

Adrian Nish, Threat Intelligence Lead, BAE Systems:

We are tracking actors who are involved in espionage, and it's kind of a perennial debate in the industry about whether those actors are state-sponsored, whether they're professionals, freelance, or doing it off their own back. I think this period is interesting for giving us more data points, because the actors and groups that we see dropping off the radar are the ones that are probably typically working from an office. They're the more professional groups that are part of an agency and they've been, like the rest of us, working from home, and if they don't have home working to enable their espionage operations then we see those dropping. Others that are continuing on as normal tell us that those are the groups that probably typically work at arm's length from the state or are just kind of opportunistic spies. So that's been an interesting observation.

Stay tuned for the third and final piece of this three-part blog series on what’s next for enterprises, SOC teams, adversaries, and individuals.

To watch the webinar in its entirety, click here. For more information on joining the COVID-19 OSINT Community, click here.
