With COVID-19 now a global pandemic, the rapid expansion of the remote work environment has opened up new challenges for enterprises. The attack surface is growing, providing lucrative opportunities for those who want to exploit this new norm. Hackers are accelerating their attack campaigns with original and proven techniques – often designed to take advantage of the pandemic. Whether registering new websites with coronavirus-related names or sending COVID-19 phishing emails, cyber criminals aim to lure an anxious populace into a new web of attacks.
Enterprises want to prevent these attacks and protect their remote workforce. Unfortunately, security teams are overwhelmed with a surge of alerts, managing an influx of requests from other departments and working with scarce and remote siloed teams. They need more resources, streamlined processes and automation to take care of mundane tasks, prioritize tasks and incidents, and focus on malicious and relevant threats to their environment.
Hackers are smart and lazy. They want the most bang for their buck. Phishing is the easiest way to target victims who are always looking at the next big pandemic update. What’s better than crafting a coronavirus-themed email that appears to be coming from the CDC?
As a security analyst, you can expect a lot of these types of emails flooding your employees’ inboxes across the enterprise. To put things in perspective, Google reported 18 million COVID-19 related emails in a few weeks in April 2020. It is not humanly possible to deal with this type of volume manually. There needs to be an automated way to collect, correlate, verify and document these incidents.
This is where Cortex XSOAR automated playbooks can help. Automated phishing playbooks are among the most popular use cases for Cortex XSOAR. They’re in use in our own security operations center, reducing our phishing response time from 30 minutes down to about 10 seconds. Security teams can save time and automate their COVID-related incident workflows to run at machine speed. Employees submitting suspicious emails to infosec teams will trigger a COVID-specific playbook that will extract all the relevant indicators like URLs, domains and links. Cortex XSOAR will then compare these indicators with internal and external repositories, tag them and add them to external blocklists. Finally, Cortex XSOAR provides additional context by ingesting active threat intel feeds, making it easier and faster to respond. It’s like operating a factory assembly line, where various jobs are running, providing immediate action with speed and scale.
The attackers create their own assembly line by leveraging machine learning and AI. They repurpose old proven phishing tactics and techniques at machine speed. This makes it harder for enterprises to catch up unless they counter them with the same force, combating a machine with a machine.
Watch this video to learn how Cortex XSOAR playbooks can protect your enterprise and automate responses to COVID-related phishing attacks.