CovertHart :: Incident Response
We provide your organization with actionable Threat Intelligence, Network Visibility and the Security Tools to break the Kill Chain of today’s most advanced Cyber Attacks.
ABOUT THE SERVICE
CovertHart® Incident Response Team is ready to immediately engage and mitigate the impact of security threats to any organization. We prepare our customers for battle with actionable Threat Intelligence, Network Visibility, Security Tools and a Proactive Incident Response Plan to prevail and be resilient in times of extreme crisis and stress.
Our Incident Response Retainer programs give you the budget flexibility your organization needs and ensure that your organization is well prepared.
IMPORTANT STEPS IN A CYBER EMERGENCY
The increasing probability of a cyber incident means that every organization needs to be prepared to respond effectively. Readiness means not only monitoring but also practising crisis simulation to understand what can happen and which steps to take.
A well-prepared, multi-functional team significantly reduces the escalation of an incident, minimizes its impact and speeds recovery.
Identify, collect and preserve details related to the attack: how the incident came to light, who reported it and how they were alerted, what the impact is, the personnel or other relevant parties involved, and the actions taken, in chronological order. Identify and isolate affected systems so that no one alters their state.
Initiate the Incident Response and Communication plans. Contact your CovertHart® IR Team representative.
If you are not a current customer, fill out the form and a member of the IR Team will contact you.
Activate an out-of-band communication channel to replace those that are broken.
Taking existing business constraints into account, initiate the recovery phase.
INCIDENT RESPONSE PHASES
Find out how our Incident Response Team addresses some of the world’s largest and most sophisticated attacks.
There’s no substitute for preparedness. Customers, partners, employees and others understand that crises will occasionally affect an organization. What they find hard to understand is a lack of preparation, inadequate responses and confusing communications.
- Create an Incident Response Plan.
- IR Policy Creation.
- Develop a communication plan.
- Vulnerability Assessment.
- Playbook Creation.
- Determine roles and responsibilities of your team.
INCIDENT CLASSIFICATION FRAMEWORK
The Incident Classification framework is used to classify the severity level of various types of incidents, to help with communication and accurate reporting.
COMMON TYPES OF CYBER ATTACKS
Here’s an overview of some of the most common cybersecurity threats and types of attacks seen today.
Eavesdropping involves intercepting communications. Eavesdropping can be the act of listening to other people talk without them realizing it. It can also be done using technology like microphones, cameras, recording devices or intercepting digital or analog voice transmissions on a network to steal private information.
A denial-of-service (DoS) attack occurs when legitimate users are unable to access systems or network resources due to the actions of a malicious cyber threat actor.
There are different types of DoS and DDoS attacks; the most common are TCP SYN flood attack, teardrop attack, smurf attack and ping-of-death.
Dictionary and brute-force attacks are network attacks in which the attacker attempts to log into a user’s account by systematically trying possible passwords until the correct one is found. The term brute-force means overpowering the system through repetition.
Phishing attacks often lure email recipients and web users into believing that a spoofed website belongs to a legitimate, easily recognized organization, such as a large bank or social media site.
Victims are tricked into entering their information and, in doing so, give away private or sensitive data such as credit card numbers, social security numbers or website login credentials.
A business email compromise (BEC) attack is a type of deceptive activity in which malicious outsiders target an organization by spoofing its business emails, for example by impersonating leadership, placing fake orders or requesting fund transfers.
A Man-in-the-Middle attack (MITM) occurs when an attacker inserts themselves between two systems, eavesdropping on and intercepting their communications. Methods used to achieve this include IP, ARP and DNS spoofing.
A Drive-by attack is when a malicious actor locates a vulnerable website and inserts malicious code into the site’s HTTP or PHP code. This malicious code can directly install malware onto the computer or device of a user who visits the site.
A SQL injection attack exploits a web security vulnerability that allows an attacker, by injecting crafted commands, to read sensitive or private data; insert, update, delete or otherwise modify data; perform shutdowns of the database and similar administrative operations; send commands to the operating system; or retrieve content from a database-driven site.
Cross-site scripting attacks are quite similar to Drive-by attacks: the attacker inserts malicious code into content from a reputable website or application, often using third-party web resources to infect the users who visit the site.
Zero-day is a term for a recently discovered vulnerability, or an exploit for it, whose existence was known only to the attacker.
It is almost impossible to prevent zero-day attacks, as their existence can stay hidden even after the vulnerability is exploited.
DNS Tunneling is a method of cyber attack that encodes commands and data into the DNS queries and responses facilitating Data Exfiltration, Command and Control communications and
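As an added illustration (not code from the original page or from CovertHart), a small defender-side heuristic that scans DNS query logs for the pattern described above: many distinct, long, high-entropy subdomains under one domain, which is how tunneled commands and data are typically carried. The log format, domain names and thresholds below are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (not real traffic): "<timestamp> <client> <qtype> <qname>"
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 A www.example.com
2024-01-01T10:00:02 10.0.0.5 A mail.example.com
2024-01-01T10:00:03 10.0.0.5 A cdn.example.com
2024-01-01T10:00:04 10.0.0.7 TXT a1b2c3d4e5f6g7h8.t.exfil-test.net
2024-01-01T10:00:05 10.0.0.7 TXT z9y8x7w6v5u4t3s2.t.exfil-test.net
2024-01-01T10:00:06 10.0.0.7 TXT q1w2e3r4t5y6u7i8.t.exfil-test.net
2024-01-01T10:00:07 10.0.0.7 TXT m0n9b8v7c6x5l4k3.t.exfil-test.net
"""

def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score far higher than hostnames."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))

def parse_line(line):
    ts, client, qtype, qname = line.split()
    return {"ts": ts, "client": client, "qtype": qtype, "qname": qname.rstrip(".").lower()}

def analyze(log_text, min_queries=3, min_label_len=12, min_entropy=3.5):
    """Group the leftmost label of every query by its registered domain (assumed to be
    the last two labels) and flag domains whose labels look like encoded data."""
    per_domain = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        labels = parse_line(line)["qname"].split(".")
        if len(labels) < 3:          # no subdomain in which to carry data
            continue
        per_domain[".".join(labels[-2:])].append(labels[0])
    findings = {}
    for base, labels in per_domain.items():
        if len(set(labels)) < min_queries:   # too few distinct labels to judge
            continue
        mean_len = sum(map(len, labels)) / len(labels)
        mean_ent = sum(map(shannon_entropy, labels)) / len(labels)
        if mean_len >= min_label_len and mean_ent >= min_entropy:
            findings[base] = {"queries": len(labels), "mean_label_len": round(mean_len, 1),
                              "mean_entropy": round(mean_ent, 2)}
    return findings

if __name__ == "__main__":
    for domain, stats in analyze(SAMPLE_LOG).items():
        print(f"suspicious DNS activity to {domain}: {stats}")
```

Tune the thresholds against your own baseline: CDNs and some legitimate services also use long, random-looking labels, so findings should be reviewed rather than blocked automatically.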