6
Web Defacement Response Automation Use Case

Cyware Web Defacement Response Automation

  • Upload
    others

  • View
    8

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Cyware Web Defacement Response Automation

Web DefacementResponse Automation

Use Case

Page 2: Cyware Web Defacement Response Automation

Web Defacement Response Automation 2

Web defacement attacks are a nuisance. In such attacks, cybercriminals take control of websites by

exploiting vulnerabilities and change the visual appearance, often smearing the websites with political

slogans. Organizations mostly respond to such attacks by first taking the website offline followed by

the removal of the malicious code and patching of vulnerabilities. The manual response to the attack

leads to high downtime impacting the organization and any services offered. The political propaganda

unleashed by the cybercriminals on the website adds to the injury of the victim organization

impacting its brand and status.

Cyber Vandalism

Security teams can leverage automated playbooks to detect and respond to such web defacement

attacks. The automated playbooks standardize the response process from detection to response and

remediation actions at machine speed.

Upon receiving an alert from a third party website monitoring service about website defacement, an

incident is created automatically in the Cyware Fusion and Threat Response (CFTR) platform.

The web defacement response automation playbook performs the following tasks:

Incident Reporting

Undoing the Malicious Art withAutomation

The following actions are triggered to enrich and triage the reported defacement alert before

initiating any response actions.

Enrichment and Triaging

• Enrichment: The playbook performs the automated enrichment of the targeted web application to

fetch the server and server owner details.

• Status Check: The playbook automatically checks the current status of the web application page and

updates the data in the incident.

Page 3: Cyware Web Defacement Response Automation

Web Defacement Response Automation 3

Page 4: Cyware Web Defacement Response Automation

Web Defacement Response Automation 4

The playbook leverages CFTR to perform the following actions following the incident enrichment

process:

• Realtime Containment:

CSAP Mobile Notification: An alert notification along with the screenshot of the current web page is

sent to the application owner via the Cyware Situational Awareness Platform (CSAP) mobile app. The

alert notification also contains several other requests:

•Approval for blocking of inbound traffic until the static page is uploaded

•An action is assigned to replace the website with a static page.

•Disaster Recovery (DR) communication is initiated.

Block Inbound Traffic: On approval from the application owner, the WAF or firewall rule is initiated

to block all the inbound traffic for the web application.

Static Website Replacement: On approval from the application owner, CSAP triggers the action to

change the website with a static page.

Trigger DR: On approval from the app owner, communication with the DR team is initiated to keep

the DR server and services in place.

Containment

• Antivirus Scan: The remediation process begins with an antivirus scan on the host to check for

malware.

• Security Compliance Check: Thereafter, CFTR checks for the details of security software installed on

the server through UEM. If the security software is missing, a ticket is raised in the ITSM for the same.

• Log Analysis and Investigation: An action is created in CFTR to perform log analysis of the server to

find the root cause of the incident.

• Forensic Imaging: An ITSM ticket is raised to perform forensic imaging and investigation on the server

to perform the Root Cause Analysis.

Response and Remediation

Page 5: Cyware Web Defacement Response Automation

Web Defacement Response Automation 5

As the last step, a CFTR action is created to provide the analyst with remediation and lessons

learned.

Learning and Closure

Cyware Advantage

Since a web defacement attack can impact the website uptime and brand image of the organization,

the automated playbook plays an important role in detecting the threat at machine speed instead of

relying on manual processes.

Reduce Detection Times

The playbook automates all response processes including blocking of inbound traffic and ensures

speedy decision-making by looping in human intelligence for restoring the website to regular traffic

more quickly and effectively.

Respond Faster to Minimize Downtime

In addition to the response, the playbook also helps capture the long term learnings from the

incident to put in place the long term strategic controls to thwart any such future attempts by using

the unique capabilities of the fusion center.

Going Beyond Incident Investigation

Page 6: Cyware Web Defacement Response Automation

228 Park Ave S #77147 New York,New York 10003-1502

855-692-9927

cyware.com | [email protected]

855-MY-CYWARE


Hardcore Defacement Statistics Presented by Brian Martin / Matt

Hardcore Defacement Statistics Presented by Brian Martin / Matt

Documents
‘If the defacement of the poor is a defacement of …...way a defacement of Earth is a defacement of God. . . From now on, caring for the environment has to be understood as being

‘If the defacement of the poor is a defacement of …...way a defacement of Earth is a defacement of God. . . From now on, caring for the environment has to be understood as being

Documents
How to Turbocharge Your Cyber Security Incident Response with Automation

How to Turbocharge Your Cyber Security Incident Response with Automation

Software
A Deep Dive into Defacement - · PDF file6 | A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks deface pages. These templates provide consistency in promoting

A Deep Dive into Defacement - · PDF file6 | A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks deface pages. These templates provide consistency in promoting

Documents
Web Defacement Response Automation - cyware-enterpriseDefaceme… · Web Defacement Response Automation 2 Web defacement attacks are a nuisance. In such attacks, cybercriminals take

Web Defacement Response Automation - cyware-enterpriseDefaceme… · Web Defacement Response Automation 2 Web defacement attacks are a nuisance. In such attacks, cybercriminals take

Documents
Defacement Detection with Passive Adversaries

Defacement Detection with Passive Adversaries

Documents
Web Defacement Campaigns Uncovered - Trend Micro€¦ · 05/06/2018  · 4 | Web Defacement Campaigns Uncovered: Gaining Insights From Deface Pages Using DefPloreX-NG Overview Web

Web Defacement Campaigns Uncovered - Trend Micro€¦ · 05/06/2018  · 4 | Web Defacement Campaigns Uncovered: Gaining Insights From Deface Pages Using DefPloreX-NG Overview Web

Documents
Facts and Emerging Vendors - CyberDB€¦ · Facts and Emerging Vendors April 14th, 2018 security orchestration, automation and response (SOAR) Security Orchestration, Automation

Facts and Emerging Vendors - CyberDB€¦ · Facts and Emerging Vendors April 14th, 2018 security orchestration, automation and response (SOAR) Security Orchestration, Automation

Documents
WebOrion® Defacement Monitor (Per URL) Web Security€¦ · WebOrion® Defacement Monitor will provide near real-time alerts in the event of a web defacement. Our high-fidelity approach

WebOrion® Defacement Monitor (Per URL) Web Security€¦ · WebOrion® Defacement Monitor will provide near real-time alerts in the event of a web defacement. Our high-fidelity approach

Documents
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2

Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2

Documents
Website Defacement Explained

Website Defacement Explained

Technology
CLOSED-LOOP RESPONSE AUTOMATION SOLUTION

CLOSED-LOOP RESPONSE AUTOMATION SOLUTION

Documents
Response to RFI for Florida Workforce Automation SaaSfloridajobs.org/PDG/ITProject/SolodevResponse13RFI001LJ...Response to RFI for Florida Workforce Automation SaaS Department of Economic

Response to RFI for Florida Workforce Automation SaaSfloridajobs.org/PDG/ITProject/SolodevResponse13RFI001LJ...Response to RFI for Florida Workforce Automation SaaS Department of Economic

Documents
Intelligent Automation - cgi.com · 3 4 5 6 8 9 10 Contents Intelligent automation overview Business drivers Intelligent automation approach Your challenges. Our response. CGI´s

Intelligent Automation - cgi.com · 3 4 5 6 8 9 10 Contents Intelligent automation overview Business drivers Intelligent automation approach Your challenges. Our response. CGI´s

Documents
Neptune : Re-thinking Incident Response Automation

Neptune : Re-thinking Incident Response Automation

Technology
SACON - Incident Response Automation & Orchestration (Amit Modi)

SACON - Incident Response Automation & Orchestration (Amit Modi)

Technology
Rilevazione di defacement invisibili su siti Web: Tecniche per la raccolta di informazioni

Rilevazione di defacement invisibili su siti Web: Tecniche per la raccolta di informazioni

Education
Defacement of Colluding Attack Using Blowfish Algorithm · Defacement of Colluding Attack Using Blowfish Algorithm ... Blowfish algorithm is based on 16-iteration Feistel Network

Defacement of Colluding Attack Using Blowfish Algorithm · Defacement of Colluding Attack Using Blowfish Algorithm ... Blowfish algorithm is based on 16-iteration Feistel Network

Documents
Web Security and Web Defacement Statistics

Web Security and Web Defacement Statistics

Internet
Web Defacement

Web Defacement

Documents
The Cybersecurity Landscape · Script Kiddies, Web defacement, Bragging Rights, Backdoors in open source Security threats have evolved… Security spending hasn’t! The response

The Cybersecurity Landscape · Script Kiddies, Web defacement, Bragging Rights, Backdoors in open source Security threats have evolved… Security spending hasn’t! The response

Documents
Web Defacement Attack Case

Web Defacement Attack Case

Documents
An Approach to Reveal Website Defacement

An Approach to Reveal Website Defacement

Documents
Keysight N5990A Test Automation Software Platform - … Test Automation... · Data Sheet Keysight N5990A Test Automation Software Platform Multi-Bus Stimulus/Response Test Software

Keysight N5990A Test Automation Software Platform - … Test Automation... · Data Sheet Keysight N5990A Test Automation Software Platform Multi-Bus Stimulus/Response Test Software

Documents
Seminar for Senior Bank Supervisors Web Defacement ...pubdocs.worldbank.org/en/157661511190538554/11... · Web Defacement Forensic Exercise 02 Nov 2017. World Bank 2 Nov 2017 Baltimore

Seminar for Senior Bank Supervisors Web Defacement ...pubdocs.worldbank.org/en/157661511190538554/11... · Web Defacement Forensic Exercise 02 Nov 2017. World Bank 2 Nov 2017 Baltimore

Documents
Improve Your Security Response with Automation

Improve Your Security Response with Automation

Technology
Interactive Voice Response System For College Automation (IVRS)

Interactive Voice Response System For College Automation (IVRS)

Documents
INTERACTIVE VOICE RESPONSE SYSTEM FOR COLLEGE AUTOMATION

INTERACTIVE VOICE RESPONSE SYSTEM FOR COLLEGE AUTOMATION

Documents
Automation Is — A Response to Challenges in the Cold Chain

Automation Is — A Response to Challenges in the Cold Chain

Documents
De Man. Autobiography as Defacement

De Man. Autobiography as Defacement

Documents