We’re looking for a set of use cases (threat scenarios) written around the current issues/risks faced by small/medium sized businesses in regard to opening up their networks for remote connectivity, and what the forced shift to remote working means for the cyber threat landscape.
We would like this to take the format of 5 detailed/technical blog posts or similar (as below).
Potential E-Mail Spam Malware / Large volume of emails sent from single address in a short timeframe or large volume of non-deliverable emails
This scenario can indicate malware hijacking mailboxes, causing a significant amount of spam/malicious emails to be sent from a user’s mailbox.
Speak to the user whose address has been potentially compromised to determine whether they are aware of the situation. If they are not aware, halt any outgoing mail from the exchange server from their mailbox and investigate their profile for any malware artifacts.
Mail transfer agent (MTA) or mail relay software logs will be correlated to raise bandwidth threshold-based alerts, volume threshold-based alerts and anomaly-based alerts. A match raises a correlated event/alert.
Mail transfer agents, Firewalls, IDS/IPS, Antivirus / Malware solutions
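The detection logic described above, as an added example that is not part of the posting and not any vendor's correlation rule: it parses Postfix-style MTA log lines (the sample lines, the queue ids, hosts and addresses are all constructed), applies a sliding-window threshold to the number of recipients submitted per sender and to the number of bounces per sender, and ties each alert back to the internal client IP that submitted the mail so the responder already knows which host to look at.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Postfix-style syslog lines (sample data, not from the posting).
# alice's workstation submits three messages to 135 recipients within two
# minutes and six of them bounce; bob sends one normal message.
SAMPLE_LOG = """\
2024-03-10T09:00:01 mx1 postfix/smtpd[1201]: 7A1F3: client=ws-042.corp.example[10.0.5.42], sasl_method=PLAIN, sasl_username=alice@corp.example
2024-03-10T09:00:01 mx1 postfix/qmgr[1202]: 7A1F3: from=<alice@corp.example>, size=2211, nrcpt=40 (queue active)
2024-03-10T09:00:03 mx1 postfix/smtpd[1201]: 7B2C9: client=ws-017.corp.example[10.0.5.17], sasl_method=PLAIN, sasl_username=bob@corp.example
2024-03-10T09:00:03 mx1 postfix/qmgr[1202]: 7B2C9: from=<bob@corp.example>, size=1480, nrcpt=1 (queue active)
2024-03-10T09:00:04 mx1 postfix/smtp[1203]: 7B2C9: to=<partner@example.org>, relay=mx.example.org[198.51.100.7]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
2024-03-10T09:00:05 mx1 postfix/smtp[1203]: 7A1F3: to=<nobody1@example.net>, relay=mx.example.net[203.0.113.9]:25, dsn=5.1.1, status=bounced (host mx.example.net[203.0.113.9] said: 550 5.1.1 user unknown)
2024-03-10T09:00:05 mx1 postfix/smtp[1203]: 7A1F3: to=<nobody2@example.net>, relay=mx.example.net[203.0.113.9]:25, dsn=5.1.1, status=bounced (host mx.example.net[203.0.113.9] said: 550 5.1.1 user unknown)
2024-03-10T09:00:06 mx1 postfix/smtp[1203]: 7A1F3: to=<nobody3@example.net>, relay=mx.example.net[203.0.113.9]:25, dsn=5.1.1, status=bounced (host mx.example.net[203.0.113.9] said: 550 5.1.1 user unknown)
2024-03-10T09:01:10 mx1 postfix/smtpd[1201]: 7A1F4: client=ws-042.corp.example[10.0.5.42], sasl_method=PLAIN, sasl_username=alice@corp.example
2024-03-10T09:01:10 mx1 postfix/qmgr[1202]: 7A1F4: from=<alice@corp.example>, size=2207, nrcpt=45 (queue active)
2024-03-10T09:01:12 mx1 postfix/smtp[1203]: 7A1F4: to=<nobody4@example.net>, relay=mx.example.net[203.0.113.9]:25, dsn=5.1.1, status=bounced (host mx.example.net[203.0.113.9] said: 550 5.1.1 user unknown)
2024-03-10T09:01:13 mx1 postfix/smtp[1203]: 7A1F4: to=<nobody5@example.net>, relay=mx.example.net[203.0.113.9]:25, dsn=5.1.1, status=bounced (host mx.example.net[203.0.113.9] said: 550 5.1.1 user unknown)
2024-03-10T09:01:14 mx1 postfix/smtp[1203]: 7A1F4: to=<nobody6@example.net>, relay=mx.example.net[203.0.113.9]:25, dsn=5.1.1, status=bounced (host mx.example.net[203.0.113.9] said: 550 5.1.1 user unknown)
2024-03-10T09:02:20 mx1 postfix/smtpd[1201]: 7A1F5: client=ws-042.corp.example[10.0.5.42], sasl_method=PLAIN, sasl_username=alice@corp.example
2024-03-10T09:02:20 mx1 postfix/qmgr[1202]: 7A1F5: from=<alice@corp.example>, size=2219, nrcpt=50 (queue active)
"""

# smtpd: ties a queue id to the submitting client IP and SASL user.
SMTPD_RE = re.compile(r"^(?P<ts>\S+) \S+ postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
                      r"client=[^\[]+\[(?P<ip>[^\]]+)\].*sasl_username=(?P<user>\S+)")
# qmgr: envelope sender and recipient count of an accepted message.
QMGR_RE = re.compile(r"^(?P<ts>\S+) \S+ postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): "
                     r"from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")
# smtp: per-recipient delivery result (sent, bounced, deferred, ...).
SMTP_RE = re.compile(r"^(?P<ts>\S+) \S+ postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): "
                     r"to=<[^>]*>.*status=(?P<status>\w+)")


def parse_log(text):
    """Return (submissions, bounces, clients): submissions as (ts, sender, nrcpt, qid),
    bounces as (ts, qid), clients as qid -> (client_ip, sasl_user)."""
    submissions, bounces, clients = [], [], {}
    for line in text.splitlines():
        if m := SMTPD_RE.match(line):
            clients[m["qid"]] = (m["ip"], m["user"])
        elif m := QMGR_RE.match(line):
            submissions.append((datetime.fromisoformat(m["ts"]), m["sender"], int(m["nrcpt"]), m["qid"]))
        elif (m := SMTP_RE.match(line)) and m["status"] == "bounced":
            bounces.append((datetime.fromisoformat(m["ts"]), m["qid"]))
    return submissions, bounces, clients


def sliding_window_alerts(events, window, threshold, rule):
    """events: (ts, sender, weight). Raise one alert per sender the first time the
    weighted total inside any span of length `window` reaches `threshold`."""
    per_sender = defaultdict(list)
    for ts, sender, weight in sorted(events):
        per_sender[sender].append((ts, weight))
    alerts = []
    for sender, evs in per_sender.items():
        win, total = deque(), 0
        for ts, weight in evs:
            win.append((ts, weight))
            total += weight
            while ts - win[0][0] > window:          # drop events that fell out of the window
                total -= win.popleft()[1]
            if total >= threshold:
                alerts.append({"rule": rule, "sender": sender, "count": total, "at": ts.isoformat()})
                break                                # one alert per sender per rule
    return alerts


def detect(text, window=timedelta(minutes=10), rcpt_threshold=100, bounce_threshold=5):
    """Run both threshold rules over an MTA log and attach the submitting client IPs."""
    subs, bounces, clients = parse_log(text)
    qid_sender = {qid: sender for _, sender, _, qid in subs}
    rcpt_events = [(ts, sender, n) for ts, sender, n, _ in subs]
    bounce_events = [(ts, qid_sender.get(qid, "?"), 1) for ts, qid in bounces]
    alerts = sliding_window_alerts(rcpt_events, window, rcpt_threshold, "recipient-volume")
    alerts += sliding_window_alerts(bounce_events, window, bounce_threshold, "bounce-volume")
    for alert in alerts:   # correlation: which internal host(s) submitted this sender's mail
        alert["client_ips"] = sorted({clients[q][0] for _, s, _, q in subs
                                      if s == alert["sender"] and q in clients})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The count recorded in each alert is the window total at the moment the rule first fired, which is what a responder sees in a SIEM notification; thresholds and window length are tuning knobs that should be set from the organisation's normal sending volume rather than taken from the sample values here.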
Step 1: Preparation
This scenario can indicate bots sending spam from an internal host. For this to happen, the system must have been compromised beforehand. Technicians should have access to AD (Active Directory) or to up-to-date contact lists covering all assets and staff. Being able to quickly contact a user or the person in charge of a server is the key to being effective. The IT response team should know anti-botnet remediation best practices.
Step 2: Identification
The crucial goal is to determine which host is infected and sending the mail. Several symptoms often manifest shortly after botnet infiltration, as the compromised machine begins executing its instructions; awareness of these symptoms aids early botnet detection. In operation, bots are essentially backdoor Trojans. Look for unexpected IRC traffic from internal hosts; the traffic may be on the usual IRC ports (6666, 6667 and so on) or on a non-standard port, so do not rely on port numbers alone. Run a complete IP check on the sending mail servers.
Step 3: Containment
Speak to the user whose address has been potentially compromised to determine whether they are aware of the situation. If they are not aware, halt any outgoing mail from their mailbox at the Exchange server and investigate their profile for any malware artefacts. A good practice is to allow mail traffic only between the mail server and the internet. This is usually done by restricting that communication to the standard ports 25, 465 and 587.
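An added example, not part of the posting, covering the checks from Step 2 (which internal host is talking IRC, regardless of port) and Step 3 (only the mail server should speak SMTP to the internet): it classifies constructed outbound flow records by destination port and by the first bytes the client sent, so IRC on a port outside the usual range is still recognised, and flags any host other than the designated mail server that connects directly to internet SMTP ports. The internal address ranges, the mail server address and all flow records are assumptions made up for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed internal address space and the only host allowed to send mail to the
# internet (both constructed for this example; use the real inventory in practice).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAIL_SERVERS = {ipaddress.ip_address("10.0.1.25")}
IRC_PORTS = set(range(6660, 6670)) | {6697}   # usual IRC and IRC-over-TLS ports
SMTP_PORTS = {25, 465, 587}                   # the ports Step 3 restricts mail traffic to
# IRC registration/command keywords at the very start of the client's first bytes.
IRC_CMD_RE = re.compile(rb"^(PASS|NICK|USER|JOIN|PRIVMSG)\s")

# Constructed flow records: (src_ip, dst_ip, dst_port, first bytes sent by the client).
SAMPLE_FLOWS = [
    ("10.0.5.42", "203.0.113.50", 6667, b"NICK wk42\r\nUSER wk42 0 * :wk42\r\n"),   # IRC on a usual port
    ("10.0.5.42", "203.0.113.51", 443,  b"NICK wk42\r\nJOIN #ops\r\n"),              # IRC hidden on 443
    ("10.0.5.42", "198.51.100.7", 25,   b"EHLO ws-042\r\n"),                         # workstation sending SMTP out
    ("10.0.1.25", "198.51.100.7", 25,   b"EHLO mx1.corp.example\r\n"),               # the real mail server
    ("10.0.5.17", "203.0.113.80", 443,  b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # TLS ClientHello
    ("10.0.5.17", "10.0.1.25",    587,  b"EHLO ws-017\r\n"),                         # internal submission, fine
]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify_flow(src, dst, port, payload):
    """Return the findings for one flow; only internal-to-internet flows are examined."""
    if not is_internal(src) or is_internal(dst):
        return []
    findings = []
    if port in IRC_PORTS:
        findings.append("irc-port")
    if IRC_CMD_RE.match(payload):
        # protocol fingerprint, so IRC on a port outside IRC_PORTS is caught as well
        findings.append("irc-protocol" if port in IRC_PORTS else "irc-protocol-nonstandard-port")
    if port in SMTP_PORTS and ipaddress.ip_address(src) not in MAIL_SERVERS:
        findings.append("direct-outbound-smtp")
    return findings


def suspect_hosts(flows):
    """Map each internal host with at least one finding to its sorted findings."""
    report = defaultdict(set)
    for src, dst, port, payload in flows:
        for tag in classify_flow(src, dst, port, payload):
            report[src].add(tag)
    return {host: sorted(tags) for host, tags in report.items()}


if __name__ == "__main__":
    for host, tags in suspect_hosts(SAMPLE_FLOWS).items():
        print(host, tags)
```

The "direct-outbound-smtp" finding is also the check to run after applying the Step 3 firewall restriction: once only the mail server may reach ports 25, 465 and 587 on the internet, any other internal source appearing with that tag means the rule is not in effect or has been bypassed.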
Step 4: Eradication
Like most newer forms of malware, bots can be hard to detect and even harder to remove. Methods can be tool-based or manual. Depending on the remediator’s infrastructure and line of business, the approach may differ substantially.
Step 5: Recovery
To recover from a computer virus infection, or to prevent future infections from malware or computer viruses, use a reliable antivirus. Check whether you already have antivirus software installed; many operating systems ship with preinstalled security tools. Identify and track servers, keep a patch maintenance policy and follow post-patch security best practices.
Please note that these services do not remove malware; generally only removing the infection manually and rebuilding the site from backup can do that.
Step 6: Lessons Learned
Implement security awareness policies for employees and end users. Install virus-checking software and update it regularly. Use security software to block or disable potentially harmful applications. Malware is often one component of an advanced multi-stage attack. Configure your firewalls to send email notifications, SNMP traps and syslog.
26 freelancers are, on average, willing to do this job for £146
Dear customer, I confidently express my desire to work on this paper as I am committed to providing you with the best possible services including plagiarism-free work, timely delivery and, of course, excellent quality.