Darkreading.com reported that “not only are doctors and nurses understaffed and overworked in hard-hit areas, so are SOC and IT teams. SOC rooms are now ‘distributed SOC rooms’ and some SOC employees are ill or quarantined.” The April 1, 2020 article entitled “The SOC Emergency Room Faces Malware Pandemic” included these comments:

Attackers are exploiting the high volume of remote users logged into the organization, presenting a new, very distributed and volumetric, baseline of remote logins.

This makes it very hard to identify unusual remote logins and makes it harder to detect credential theft cases; devices that are used to log in for the first time are no longer an anomaly, and so may not be identified.

In the real world, countries which have successfully taken on COVID-19 have moved rapidly, identifying those who carry the virus and separating them from the healthy population quickly and effectively.

In our IT organizations, we need to adopt the more disciplined, centralized approach.

Please be extra careful and mindful of the cybercriminals who are very busy!
