TL;DR – We’ve partnered with Amazon Web Services to give a three-month license of our perimeter deception solution to essential services organisations for free.
It’s been heartening to see businesses come forward to help others. We took some time to study how Smokescreen could have the most positive impact. We analysed 500,000+ decoy interactions in our deception platform to see where businesses face the greatest threats.
Here’s what we found:
- Perimeter-facing attacks have increased by 25% – Over 4 weeks, attackers ramped up attacks on the external perimeter as companies support remote users.
- 50% of attacks target VPN and webmail systems – The most attacked honeypots are VPNs (34.3%) and webmail (17.5%). Citrix and Pulse Secure Connect are on the radar.
- 62% of attacks originated from cloud providers – The use of cloud resources to stage attacks make it difficult for organisations to filter by source or region.
- Only 50% of attacks are from known-bad sources – Traditional threat intel feeds aren’t seeing the whole picture as attackers repurpose infrastructure less and less.
You can read the white paper here.
With a massive increase in Internet-exposed assets and employees working from home, security teams are dealing with a new set of threats. VPN portals, Citrix servers, and other Internet-facing infrastructure are under siege, and COVID themed phishing campaigns are more effective than they’ve ever been.
You’re overworked and need a simple solution to a complex problem that is useful right NOW! We believe perimeter deception can help. You can deploy Internet-facing decoys in under an hour and they will immediately start detecting a variety of Internet-facing threats including:
- Attacks on remote access services
- Credential theft and credential stuffing attacks
- Attacker groups specifically targeting your organisation
Deception alerts are low false positive so your security team doesn’t have to deal with another dashboard. And since these are high-confidence detections, you can orchestrate responses to automatically contain the threats.
We urge you to set up these decoys because of how low touch and effective they are (our team will do the heavy lifting).
We will openly share the IOCs (indicators of compromise) from this initiative with the broader security community for the greater good.
Write to covid19@smokescreen.io requesting access or fill up this form and my team will set you up asap.
List of qualified industries
- Hospitals and healthcare
- Pharmaceutical companies
- Manufacturing companies
- Banking & financial services
- Grocery / Food delivery services
- E-commerce companies
- Energy and utilities
Continue Reading
Finding active defense opportunities in a pentest report
Pentest reports tell a story. By asking why a pentester made certain choices, you can find opportunities to influence attacker behavior and actively defend your network.By Sudarshan PisupatiFour MITRE Shield Techniques You Can Implement in 2021
For free, of course. At this point, I’m positive that you’ve heard of MITRE Shield. It’s a new active defense knowledge base released by MITRE – stuff they’ve been implementing for over a decade to engage adversaries and derail attacks. They’ve opened it up to everyone, and for the first time perhaps, the infosec community […]By Sudarshan PisupatiActive Defense – Incident Response’s New Best Friend
Active defense provides defenders with a shared vocabulary and framework for actively dealing with threats instead of passively reacting to them.By Sudarshan Pisupati
- Detect zero-days, APTs, and insider threats
- 10x the detection capabilities with 1/2 the team
- Get started in minutes, fully functional in hours
