CyCraft Services: Secure From Home, For Free

CyCraft Technology Corp | CyCraft | 6 min read | Apr 8, 2020

The CyCraft team would like to express its profound gratitude to all first responders, healthcare workers, and law enforcement worldwide for sacrificing their safety to keep the rest of us safe and healthy. In addition, our hearts go out to those whose loved ones have been affected by COVID-19, and those who cannot be near their sick loved ones due to quarantine restrictions. We are all in this together.

How COVID-19 Has Affected Cybersecurity

The COVID-19 pandemic has led to a worldwide work-from-home experiment, spiking the sales of laptops and teleconferencing software around the world. While some organizations are experienced in employing and managing a remote workforce, other entities have been forced to quickly adapt without solidifying the proper procedures, policies, and security needed. As a result, cybercriminals and APT (advanced persistent threat) groups have altered their behavior to take full advantage of this new environment.

Despite this change in environment, many threat actors will still rely on phishing as a key vector for initial access. Successful phishing attacks typically play on the victim’s behavioral response to greed, fear, or recent trends. We have observed an increase in threat actors exploiting the COVID-19 pandemic in phishing emails, links, and images promising new information, updates, cures, or COVID-19 related tools or medical equipment. We strongly suggest you get pandemic updates directly from reliable and trusted sources, such as the Johns Hopkins COVID-19 Resource Center or your local government equivalent of the CDC.

However, good cyber hygiene is only the first step. Due to the sudden shift to a work-from-home environment, highly adept cybercriminals and APT groups have found new ways of bypassing organizations’ preventive security solutions even when VPNs are used.

Cybersecurity Risks in the Work-From-Home Environment

As more remote endpoints are added to your organization (be they newly purchased or employees’ personal computers), you need to find a way to secure your organization when uncontrolled endpoints VPN directly into your internal network. Personal computers are often less secure than office computers (whether they be Mac, Windows, or Linux); they could have anything on them, including unknown threats, such as malware from a COVID-19-themed phishing attack.

Additionally, firewalls and other preventive security measures are incapable of stopping those threats as VPNs are designed to bypass that type of security, opening up an alluring attack route: unsecured endpoints with direct access to the internal network. While VPN encryption is extremely useful for organizations with a remote workforce, VPNs can open up unintended security holes.

Recent Case Study: VPNs + Digital Skeleton Key = Internal Defenses Derailed

Throughout 2019 and early 2020, multiple companies along the entire supply chain of the Taiwan high-tech ecosystem were victims of APT attacks, which we dubbed Operation Skeleton Key.

In Operation Skeleton Key, hackers were able to bypass firewalls and other preventive security by abusing the fact that a VPN links computers on an internal network. Once inside, a new type of fileless attack abused the memory of Windows Domain Controllers to create a digital skeleton key that allowed them admin access to any machine on the internal network — a true security nightmare.

Defending against this new type of fileless attack requires not only performing regular memory forensics on domain controllers but also knowing what to look for. Fortunately for our MDR customers, our sophisticated MDR immediately detected the initial steps of Operation Skeleton Key’s attack and prevented a massive data breach from occurring.

How CyCraft Helps

CyCraft’s AI-driven digital forensics are uniquely suited to provide organizations assistance in keeping their networks, data, and devices secure while their employees can safely work from home. CyCraft is committed to helping organizations transition from their Work From Home environment into a Secure From Home environment.

CyCraft’s lightweight Secure From Home solution combines both NGAV (for prevention) and our MDR (managed detection and response) in one lightweight sensor. You can rest assured that your work from home employees and your whole organization will be secure in this time of crisis from even the most advanced cyber threats on the planet.

Inside Secure From Home

With our all-in-one agent and cloud platform, your organization will get:

NGAV: Real-time blocking of known & suspicious threats

MDR: Detection of the most advanced threats on the planet, with full forensic analysis and response, measured in minutes
  • Threat intelligence
  • UEBA analysis
  • Remediation playbooks

Reporting & Visibility:
  • System Forensics (caches, logins, scheduled jobs, auth/event logs & more)
  • Process, memory, and file inspection
  • MITRE ATT&CK mapping
  • Hidden device reporting
  • Full storylines of any and all malicious activity
  • True root cause analysis
  • Malicious domain, IP, URL analysis
  • Suspicious user accounts analysis
  • Malware analysis
  • Graphs of all affected nodes and executions
  • A plan for eradication and eradication confirmation

Even when individual endpoints are not connected to your organization’s network, you will still experience NGAV and single-endpoint MDR. Stop wasting your time panicking about remote endpoint security. Stop querying your SIEM or EDR for C2 and AV logs for all the new endpoints coming in. Stop wasting time on prioritization and investigations. Start getting secure now. It’s fast and easy.

Secure From Home is as easy as 1, 2, 3, 4

  1. Install our hands-off and worry-free Secure From Home scanner.
  2. We continuously receive scanner data.
  3. Our AI and human security experts analyze the data, send regular reports, and generate alerts only when needed.
  4. Our human security experts work with you to eradicate the malicious activity and remediate your systems as quickly as possible.

How Secure From Home is Possible

We make use of the latest advances in AI, such as GANs, DeepRL, and UEBA, to analyze forensic evidence from multiple layers, including the artifact, endpoint, user, network, and threat intelligence layers, to prevent malware, breaches, data loss, incidents, and every other thing malicious threat actors do.

Supported Systems

Windows: 7/8/10, Server 2008–2019
Mac: macOS 10.10–10.15
Linux: Ubuntu 9.10–18.04, Debian 7.0–9.0, RHEL 6.0–8.1, CentOS 6.0–8.0

Secure From Home for Free

We know the combination of COVID-19 and the sudden transition to WFH has been tough on everyone. That is why we are offering free MDR for our current customers’ WFH endpoints for a limited time. New clients in government, health care, or high-tech will receive three FREE months of our Secure From Home service and a complimentary Enterprise Health Check. This means you have unlimited WFH licenses for your organization until then. Contact your CyCraft representative via your work email to get started right now, or reach out to contact@cycraft.com.

Follow Us

Blog | LinkedIn | Twitter | Facebook | CyCraft

When you join the CyCraft Community, you will be in good company. CyCraft secures government agencies, Fortune Global 500 firms, top banks and financial institutions in Asia, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs in several APAC countries, including Taiwan, Singapore, Japan, Vietnam, and Thailand.

We power SOCs with our proprietary and award-winning AI-driven MDR (managed detection and response), SOC (security operations center) operations software, TI (threat intelligence), Health Check, automated forensics, IR (incident response), and Secure From Home services.

Industry Recognition

  • Joined MITRE ATT&CK Evaluations round two against APT29 and round three against CARBANAK and FIN7
  • Member of FIRST, the premier Incident Response organization
  • Winner of multiple Gold Cybersecurity Excellence Awards, including MDR, Forensics, Incident Response, and Artificial Intelligence as well as a Best Cybersecurity Company Gold Award


CyCraft automates SOC ops for the Fortune Global 500, national govs, & SMEs with MDR, IR, & threat hunting solutions. Learn more at CyCraft.com