More stories

  • Australian man arrested for alleged operation of now-shuttered DarkMarket

    An international law enforcement operation has resulted in the closure of what Europol is calling the world’s largest illegal marketplace on the dark web.
    DarkMarket, which boasted almost 500,000 users, was taken offline following a joint effort between authorities in Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom, through the National Crime Agency, and the United States, including the FBI. Europol said it supported Germany in coordinating the cross-border collaborative effort that involved international partners.
    In a statement, Europol said the more than 2,400 sellers on the marketplace mainly traded drugs and sold counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards, and malware.
    It said DarkMarket processed over 320,000 transactions, with more than 4,650 bitcoin and 12,800 monero transferred on the underground marketplace, totalling roughly €140 million — a little over $170 million.
    An Australian citizen was arrested in the German city of Oldenburg by the Central Criminal Investigation Department at the weekend. It is alleged the 34-year old Australian man is the operator of DarkMarket.
    The investigation, which was led by the cybercrime unit of the Koblenz Public Prosecutor’s Office, allowed officers to locate and close the marketplace, switch off the servers, and seize the criminal infrastructure, Europol said. The seized criminal infrastructure included more than 20 servers in Moldova and Ukraine.
    Probing the servers will likely result in further investigations of moderators, sellers, and buyers, Europol said.

  • Billions were stolen in blockchain hacks last year

    (Image: Maxpixel)
    We know how some hackers passed their time during the lockdown: by running Bitcoin-related hacks and potentially netting “nearly $3.78 billion” in 2020, according to a report from Atlas VPN.

    The losses are huge, but not at the level Atlas VPN claims, because it used mid-January 2021 values rather than values at the time of each breach.
    Data collected by Slowmist Hacked showed that there were 122 attacks in 2020, targeting three major areas:
    • Decentralized apps running on the Ethereum platform: 47 attacks (current value $437 million)
    • Cryptocurrency exchanges: 28 attacks (current value $300 million in losses)
    • Blockchain wallets: 27 attacks
    Wallets were the most lucrative target, with $3 billion in losses in current values and an average of $112 million per wallet hacking event compared to about $10 million per attack on Ethereum apps or exchanges.
    The good news is that there was a slight decrease in the number of blockchain-related attacks, with an 8% drop from 133 attacks in 2019, and this number is expected to drop further in 2021.
    There were fewer attacks, but the scale of the losses could mushroom if the value of Bitcoin and other cryptocurrencies keeps the strong momentum it showed in 2020.
    CLICKBAIT LOSSES
    The “$3.8 billion” stolen that Atlas VPN claims is greatly inflated because it is based on Jan. 12, 2021 conversion rates, not even on end-of-year values, let alone the value at the time of the breach. The continued rise in the value of cryptocurrencies makes the total losses look much larger.

    Bitcoin on Jan. 12 was worth $34,100. It was valued at $4,857 in March and finished the year nearly six times higher at $28,897.40.

  • Google reveals sophisticated Windows and Android hacking operation

    Image: Google Project Zero
    Google published a six-part report today detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices.

    The attacks were carried out via two exploit servers delivering different exploit chains via watering hole attacks, Google said.
    “One server targeted Windows users, the other targeted Android,” Project Zero, one of Google’s security teams, said in the first of six blog posts.
    Google said that both exploit servers used Google Chrome vulnerabilities to gain an initial foothold on victim devices. Once an initial entry point was established in the user’s browsers, attackers deployed an OS-level exploit to gain more control of the victim’s devices.
    The exploit chains included a combination of both zero-day and n-day vulnerabilities, where zero-day refers to bugs unknown to the software makers, and n-day refers to bugs that have been patched but are still being exploited in the wild.
    All in all, Google said the exploit servers contained:
    • Four “renderer” bugs in Google Chrome, one of which was still a 0-day at the time of its discovery.
    • Two sandbox escape exploits abusing three 0-day vulnerabilities in the Windows OS.
    • A “privilege escalation kit” composed of publicly known n-day exploits for older versions of the Android OS.

    The four zero-days, all of which were patched in the spring of 2020, were as follows:
    Google said that while it did not find any evidence of Android zero-day exploits hosted on the exploit servers, its security researchers believe the threat actor most likely had access to Android zero-days as well, but was probably not hosting them on the servers when its researchers discovered them.
    Google: Exploit chains were complex and well-engineered
    Overall, Google described the exploit chains as “designed for efficiency & flexibility through their modularity.”
    “They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks,” Google said.
    “We believe that teams of experts have designed and developed these exploit chains,” but Google stopped short of providing any other details about the attackers or the type of victims they targeted.

    (I mean, TBH you can probably make a pretty intelligent guess about who would do that. You can probably count the number of actors in the world who would go to the trouble of using all those aspects of professionalism on one hand. With fingers left over.)
    — Brian in Pittsburgh (@arekfurt) January 12, 2021

    Together with its introductory blog post, Google has also published reports detailing a Chrome “infinity bug” used in the attacks, the Chrome exploit chains, the Android exploit chains, post-exploitation steps on Android devices, and the Windows exploit chains.
    The provided details should allow other security vendors to identify attacks on their customers and track down victims and other similar attacks carried out by the same threat actor.
    Article title updated shortly after publication, changing the term “massive” to “sophisticated” as there is no information on the scale of this operation to support the initial wording.

  • Microsoft fixes Defender zero-day in January 2021 Patch Tuesday

    Earlier today, Microsoft started rolling out its monthly set of security patches, known in the industry as Patch Tuesday.
    In this month’s updates, the Redmond-based company has patched a total of 83 vulnerabilities across a wide range of products, including its Windows operating system, cloud-based products, developer tools, and enterprise servers.
    Microsoft Defender zero-day
    But of all the bugs patched today, the most important one is a zero-day vulnerability in the Microsoft Defender antivirus, which Microsoft said was exploited before today’s patches were released.
    Tracked as CVE-2021-1647, the vulnerability was described as a remote code execution (RCE) bug that allowed threat actors to execute code on vulnerable devices by tricking a user into opening a malicious document on a system where Defender is installed.
    Microsoft said that despite exploitation being detected in the wild, the technique is not functional in all situations, and is still considered to be at a proof-of-concept level. However, the code could evolve for more reliable attacks.
    To counteract future attacks, Microsoft has released patches for the Microsoft Malware Protection Engine, which won’t require any user interaction and will be installed automatically — unless specifically blocked by system administrators.
    Microsoft also fixes publicly disclosed Windows EoP bug
    In addition to the Defender zero-day, Microsoft has also fixed a security flaw in the Windows splwow64 service that could be abused to elevate the privileges of an attacker’s code.

    Details about this bug, tracked as CVE-2021-1648, were made public last month, on December 15, by Trend Micro’s Zero-Day Initiative project.
    However, despite the details being publicly available, this bug wasn’t exploited in the wild, Microsoft said.
    Nonetheless, system administrators are advised to revise and apply today’s patches and avoid future headaches in case any of these vulnerabilities get weaponized and added to attackers’ arsenals.
    Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:
    • Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
    • ZDNet has published a file listing all this month’s security advisories on one single page.
    • Adobe’s security updates are detailed on its security bulletins page.
    • SAP, Intel and VMware have each published their own security updates.
    • Chrome 87 security updates are detailed in the Chrome release notes.
    • Android security updates are available in the Android Security Bulletin.
    Tag | CVE ID | CVE Title
    .NET Repository | CVE-2021-1725 | Bot Framework SDK Information Disclosure Vulnerability
    ASP.NET core & .NET core | CVE-2021-1723 | ASP.NET Core and Visual Studio Denial of Service Vulnerability
    Azure Active Directory Pod Identity | CVE-2021-1677 | Azure Active Directory Pod Identity Spoofing Vulnerability
    Microsoft Bluetooth Driver | CVE-2021-1683 | Windows Bluetooth Security Feature Bypass Vulnerability
    Microsoft Bluetooth Driver | CVE-2021-1638 | Windows Bluetooth Security Feature Bypass Vulnerability
    Microsoft Bluetooth Driver | CVE-2021-1684 | Windows Bluetooth Security Feature Bypass Vulnerability
    Microsoft DTV-DVD Video Decoder | CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
    Microsoft Edge (HTML-based) | CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability
    Microsoft Graphics Component | CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability
    Microsoft Graphics Component | CVE-2021-1696 | Windows Graphics Component Information Disclosure Vulnerability
    Microsoft Graphics Component | CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability
    Microsoft Graphics Component | CVE-2021-1708 | Windows GDI+ Information Disclosure Vulnerability
    Microsoft Malware Protection Engine | CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability
    Microsoft Office | CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability
    Microsoft Office | CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability
    Microsoft Office | CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability
    Microsoft Office SharePoint | CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability
    Microsoft Office SharePoint | CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability
    Microsoft Office SharePoint | CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability
    Microsoft Office SharePoint | CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability
    Microsoft Office SharePoint | CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability
    Microsoft Office SharePoint | CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability
    Microsoft RPC | CVE-2021-1702 | Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1649 | Active Template Library Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1676 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
    Microsoft Windows | CVE-2021-1689 | Windows Multipoint Management Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1657 | Windows Fax Compose Form Remote Code Execution Vulnerability
    Microsoft Windows | CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1650 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1706 | Windows LUAFV Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability
    Microsoft Windows Codecs Library | CVE-2021-1644 | HEVC Video Extensions Remote Code Execution Vulnerability
    Microsoft Windows Codecs Library | CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability
    Microsoft Windows DNS | CVE-2021-1637 | Windows DNS Query Information Disclosure Vulnerability
    SQL Server | CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability
    Visual Studio | CVE-2020-26870 | Visual Studio Remote Code Execution Vulnerability
    Windows AppX Deployment Extensions | CVE-2021-1642 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
    Windows AppX Deployment Extensions | CVE-2021-1685 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
    Windows CryptoAPI | CVE-2021-1679 | Windows CryptoAPI Denial of Service Vulnerability
    Windows CSC Service | CVE-2021-1652 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1654 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1659 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1653 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1655 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1693 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1688 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows Diagnostic Hub | CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
    Windows Diagnostic Hub | CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
    Windows DP API | CVE-2021-1645 | Windows Docker Information Disclosure Vulnerability
    Windows Event Logging Service | CVE-2021-1703 | Windows Event Logging Service Elevation of Privilege Vulnerability
    Windows Event Tracing | CVE-2021-1662 | Windows Event Tracing Elevation of Privilege Vulnerability
    Windows Hyper-V | CVE-2021-1691 | Hyper-V Denial of Service Vulnerability
    Windows Hyper-V | CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability
    Windows Hyper-V | CVE-2021-1692 | Hyper-V Denial of Service Vulnerability
    Windows Installer | CVE-2021-1661 | Windows Installer Elevation of Privilege Vulnerability
    Windows Installer | CVE-2021-1697 | Windows InstallService Elevation of Privilege Vulnerability
    Windows Kernel | CVE-2021-1682 | Windows Kernel Elevation of Privilege Vulnerability
    Windows Media | CVE-2021-1710 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability
    Windows NTLM | CVE-2021-1678 | NTLM Security Feature Bypass Vulnerability
    Windows Print Spooler Components | CVE-2021-1695 | Windows Print Spooler Elevation of Privilege Vulnerability
    Windows Projected File System Filter Driver | CVE-2021-1663 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
    Windows Projected File System Filter Driver | CVE-2021-1672 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
    Windows Projected File System Filter Driver | CVE-2021-1670 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
    Windows Remote Desktop | CVE-2021-1674 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
    Windows Remote Desktop | CVE-2021-1669 | Windows Remote Desktop Security Feature Bypass Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows splwow64 | CVE-2021-1648 | Microsoft splwow64 Elevation of Privilege Vulnerability
    Windows TPM Device Driver | CVE-2021-1656 | TPM Device Driver Information Disclosure Vulnerability
    Windows Update Stack | CVE-2021-1694 | Windows Update Stack Elevation of Privilege Vulnerability
    Windows WalletService | CVE-2021-1686 | Windows WalletService Elevation of Privilege Vulnerability
    Windows WalletService | CVE-2021-1681 | Windows WalletService Elevation of Privilege Vulnerability
    Windows WalletService | CVE-2021-1690 | Windows WalletService Elevation of Privilege Vulnerability
    Windows WalletService | CVE-2021-1687 | Windows WalletService Elevation of Privilege Vulnerability

  • Mimecast says hackers abused one of its certificates to access Microsoft accounts

    Image: Mimecast, Romain Morel
    Mimecast, a company that makes cloud email management software, disclosed a security incident today, alerting customers that “a sophisticated threat actor” has obtained one of its digital certificates and abused it to gain access to some of its clients’ Microsoft 365 accounts.

    The London-based email software company said the certificate in question was used by several of its products to connect to Microsoft infrastructure.
    The products that used this certificate include Mimecast Sync and Recover, Continuity Monitor, and IEP products, the company said in a message posted on its website earlier today.
    Mimecast said that around 10% of all its customers used the affected products with this particular certificate; however, the “sophisticated threat actor” abused the stolen certificate to gain access to only a handful of these customers’ Microsoft 365 accounts.
    The email software provider put this number at under 10, describing it as a “low single digit number,” and said that it already contacted all the affected customers.
    To prevent future abuse, the company is now asking all other customers to “immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate [they]’ve made available.”
    Mimecast said it’s now working with a third-party forensics expert, Microsoft, and law enforcement to investigate how the certificate was compromised and its aftermath.

    The London-based company said it learned of the incident from Microsoft after the tech giant detected unauthorized access to some accounts.
    A Mimecast spokesperson would not comment on whether the security incident was related to the recent SolarWinds supply chain attack.

  • macOS malware used run-only AppleScripts to avoid detection for five years

    Image: Bundo Kim
    For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs.

    Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised in pirated (cracked) games and software such as League of Legends and Microsoft Office for Mac, security firm SentinelOne said in a report published this week.
    “OSAMiner has been active for a long time and has evolved in recent months,” a SentinelOne spokesperson told ZDNet in an email interview on Monday.
    “From what data we have it appears to be mostly targeted at Chinese/Asia-Pacific communities,” the spokesperson added.
    Nested run-only AppleScripts, for the win!
    But the cryptominer did not go entirely unnoticed. SentinelOne said that two Chinese security firms spotted and analyzed older versions of the OSAMiner in August and September 2018, respectively.
    But their reports only scratched the surface of what OSAMiner was capable of, SentinelOne macOS malware researcher Phil Stokes said yesterday.
    The primary reason was that security researchers weren’t able to retrieve the malware’s entire code at the time, which used nested run-only AppleScript files to retrieve its malicious code across different stages.

    As users installed the pirated software, the booby-trapped installers would download and run a run-only AppleScript, which would download and run a second run-only AppleScript, which in turn ran a third and final run-only AppleScript.
    Since run-only AppleScripts are distributed in compiled form, with source code that is not human-readable, this made analysis harder for security researchers.
    Yesterday, Stokes published the full chain of this attack, along with indicators of compromise (IOCs) for past and newer OSAMiner campaigns. Stokes and the SentinelOne team hope that by finally cracking the mystery surrounding this campaign and publishing IOCs, other macOS security software providers will now be able to detect OSAMiner attacks and help protect macOS users.
    “Run-only AppleScripts are surprisingly rare in the macOS malware world, but both the longevity of and the lack of attention to the macOS.OSAMiner campaign, which has likely been running for at least 5 years, shows exactly how powerful run-only AppleScripts can be for evasion and anti-analysis,” Stokes concluded in his report yesterday.
    “In this case, we have not seen the actor use any of the more powerful features of AppleScript that we’ve discussed elsewhere [1, 2], but that is an attack vector that remains wide open and which many defensive tools are not equipped to handle.”
    The IOCs are available in the SentinelOne OSAMiner report.
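    As an added example, and not code from SentinelOne's report or the article, the Python script below shows the check a defender can make on a downloaded installer or a suspect directory: walk the tree, flag every compiled AppleScript by its file signature, and ask macOS's osadecompile whether source can be recovered. A compiled script that osadecompile cannot turn back into source is the run-only kind the campaign relied on, which is exactly the file an analyst should pull aside for dynamic analysis. The FasdUAS signature of compiled AppleScript is a known fact; the fixture directory the script builds is constructed, and its .scpt contains only the magic header rather than a real script, so on a macOS host osadecompile will reject it and the scanner will report it as run-only.

```python
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import Iterator, Optional, Tuple

# Compiled AppleScript (.scpt) files begin with this signature.
APPLESCRIPT_MAGIC = b"FasdUAS"


def is_compiled_applescript(head: bytes) -> bool:
    """True if the first bytes of a file carry the compiled-AppleScript signature."""
    return head.startswith(APPLESCRIPT_MAGIC)


def is_run_only(path: Path) -> Optional[bool]:
    """True when osadecompile cannot recover source (run-only), False when it can,
    None when osadecompile is not on PATH (i.e. this is not a macOS host)."""
    if shutil.which("osadecompile") is None:
        return None
    res = subprocess.run(["osadecompile", str(path)], capture_output=True, text=True)
    return res.returncode != 0 or not res.stdout.strip()


def scan(root) -> Iterator[Tuple[Path, Optional[bool]]]:
    """Yield (path, run_only_verdict) for every compiled AppleScript under root."""
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        try:
            with p.open("rb") as fh:
                head = fh.read(len(APPLESCRIPT_MAGIC))
        except OSError:
            continue           # unreadable file; skip rather than abort the scan
        if is_compiled_applescript(head):
            yield p, is_run_only(p)


def build_sample_tree() -> Path:
    """Constructed fixture: a fake compiled-script header next to a plain shell script.
    The .scpt is only a magic header plus padding, not a real script, so any real
    osadecompile will fail on it and report it as run-only."""
    root = Path(tempfile.mkdtemp(prefix="scpt-scan-"))
    contents = root / "Contents"
    contents.mkdir()
    (contents / "postinstall.scpt").write_bytes(
        APPLESCRIPT_MAGIC + b" 1.101.10\x00" + b"\x00" * 32
    )
    (contents / "postinstall.sh").write_text("#!/bin/sh\necho hello\n")
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for path, run_only in scan(target):
        verdict = {None: "compiled (no osadecompile here)",
                   True: "RUN-ONLY, source not recoverable",
                   False: "compiled, source recoverable"}[run_only]
        print(f"{path}: {verdict}")
```

Pass a real extracted installer as the first argument on a macOS host; with no argument the script scans its own constructed fixture. On Linux or Windows the signature check still works but the run-only verdict is reported as unavailable rather than guessed.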

  • Microsoft Defender for Linux now has endpoint detection and response security

    After months in the making, Microsoft Defender for Endpoint on Linux server now has endpoint detection and response (EDR) abilities. I know. It’s still startling but Microsoft now produces Linux security programs. Will miracles never cease?

    Now, this is not Microsoft Defender for the Linux desktop. Some miracles haven’t happened yet. In this version of Defender, its No. 1 job is to protect Linux servers from server and network threats. If you want protection for your standalone Linux desktop, use such programs as ClamAV or Sophos Antivirus for Linux. With the new EDR features, you can also use it to protect PCs running macOS, Windows 8.1, and Windows 10. 
    With these new EDR capabilities, Linux Defender users can detect advanced attacks that span Macs, Windows desktops and Linux servers, use a rich investigation experience, and quickly remediate threats. This builds on the existing preventative antivirus capabilities and centralized reporting available via the Microsoft Defender Security Center.
    Specifically, it includes:
    • Rich investigation experience, including machine timeline, process creation, file creation, network connections, login events, and advanced hunting.
    • Optimized performance: enhanced CPU utilization in compilation procedures and large software deployments.
    • In-context AV detections: just like with Windows, you’ll get insight into where a threat came from and how the malicious process or activity was created.
    It also comes with custom detections on top of its other threat-hunting capabilities.
    To run the updated program, you’ll need one of the following Linux servers: RHEL 7.2+; CentOS Linux 7.2+; Ubuntu 16.04 or higher LTS; SLES 12+; Debian 9 or newer; or Oracle Linux 7.2 or higher.
    To run Microsoft Defender for Endpoint on Linux, you’ll need a Servers license. If you’re already testing the public preview, update the agent to a released version 101.18.53 or higher. If you are already running it in production, your devices will seamlessly receive the new EDR capability as soon as you update the agent to version 101.18.53 or higher.
    Microsoft thinks well of this latest program. “The release is an amazing milestone providing us a 360 view on all our platforms for our threat hunting strategy,” said Guy Fridman, Microsoft head of Security Operation and Response.  If you want to see if it’s right, you can sign up for a free trial of Microsoft Defender for Endpoint Linux today.
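    An added example, not Microsoft's code: a Python readiness check for the version floor named above. It parses the output of `mdatp health` (the key : value layout shown in the constructed sample is an assumption of this example, as is the `mdatp` binary being on PATH when run live), confirms the agent reports healthy and licensed, and compares `app_version` numerically against 101.18.53 so that, for instance, 101.9.x is correctly treated as older than 101.18.x.

```python
import re
import shutil
import subprocess
from typing import Dict, List, Optional, Tuple

MIN_EDR_VERSION = "101.18.53"   # minimum agent version named in the article

# Constructed sample of `mdatp health` output (key : value lines, strings quoted).
# The exact layout of the real command's output is an assumption of this example.
SAMPLE_HEALTH = """\
healthy                                     : true
health_issues                               : []
licensed                                    : true
app_version                                 : "101.18.53"
real_time_protection_enabled                : true
"""


def parse_health(text: str) -> Dict[str, str]:
    """Turn `key : value` lines into a dict, stripping surrounding quotes."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip().strip('"')
    return fields


def version_tuple(version: str) -> Tuple[int, ...]:
    """Numeric components of a dotted version, so 101.9.1 < 101.18.53 compares correctly."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def edr_ready(health_text: str, minimum: str = MIN_EDR_VERSION) -> Tuple[bool, List[str]]:
    """Return (ok, reasons): agent healthy, licensed and at or above the minimum version."""
    f = parse_health(health_text)
    reasons: List[str] = []
    if f.get("healthy") != "true":
        reasons.append("agent reports unhealthy")
    if f.get("licensed") != "true":
        reasons.append("agent not licensed")
    ver = f.get("app_version")
    if ver is None:
        reasons.append("app_version missing from health output")
    elif version_tuple(ver) < version_tuple(minimum):
        reasons.append(f"app_version {ver} is older than required {minimum}")
    return (not reasons, reasons)


def live_health() -> Optional[str]:
    """Run `mdatp health` if the CLI is installed; None otherwise (assumed CLI name)."""
    if shutil.which("mdatp") is None:
        return None
    return subprocess.run(["mdatp", "health"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    text = live_health() or SAMPLE_HEALTH
    ok, reasons = edr_ready(text)
    print("EDR-ready" if ok else "NOT ready: " + "; ".join(reasons))
```

Run it on the server itself; when `mdatp` is absent it falls back to the constructed sample so the logic can be exercised anywhere.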

  • Cybersecurity teams are struggling with burnout, but the attacks keep coming

    Cybersecurity teams are facing new challenges to how they work as the Covid-19 pandemic has forced many security operations centres (SOCs) to work remotely while also having to deal with new threats – all of which is leading to higher workloads and more burnout for staff.
    Research by the Ponemon Institute and Respond Software surveyed information security staff and found that the coronavirus pandemic is increasing the hours and workloads of staff in a profession that was often already a high-intensity environment to work in.
    The events of 2020 saw many office-based teams shift to working remotely, and that was the same for a significant number of cybersecurity personnel. More than one third of SOC environments shifted to working remotely as a result of the pandemic and, while this has understandably happened to protect people from the virus, over half of those now working remotely say it has had an impact on operations.
    That comes at a time when security teams are already dealing with a range of threats including phishing, malware and ransomware, and defending against them has become even more challenging as businesses have adapted to entire workforces working from home.
    The switch to working remotely has provided cyber criminals and malicious hackers with additional avenues to potentially enter corporate networks as employees connect to work systems from their home internet connections and even their personal computers.
    SEE: Coronavirus: Business and technology in a pandemic (ZDNet Special Feature)
    This has created additional challenges to securing endpoints when it was already challenging within a corporate environment – while security teams are also trying to balance work with the additional pressures of working from home.

    “Working remotely is subject to distractions that you would not typically have in a physical SOC, such as family, friends, pets, roommates or even not having a good home setup such as working from the couch versus your typical desk,” Chris Triolo, vice president of Respond Software told ZDNet.
    “This can make it hard for the analyst to stay productive and focus on defending against bad actors as they should, creating additional stress for the SOC analyst.”
    According to the survey, the additional pressure of working in cybersecurity while also working from home has lowered morale of SOC staff, with three quarters stating that they’ve experienced burnout as a result.
    Such is the extent of burnout that some security analysts are leaving their roles while organisations are attempting to attract – and retain – employees by offering higher salaries than ever before. According to the research paper, the average salary of a security analyst stands at $111,000, up from $102,000 a year ago.
    “The SOC operates best when it is in-person and most industry professionals would likely agree with that sentiment. However, it is safe to say that some organizations may prefer to keep the SOC remote due to various factors including lowering rent costs of office space,” said Triolo.
    Whatever happens, organisations need to learn how to manage cybersecurity when staff can’t work from the office – and be more prepared if another event forces a similar pattern of remote working in future.
    “Regardless of if the SOC goes back to becoming an in-person entity or not, organizations have now learned that disaster and emergency plans need to go beyond just a physical disaster like a fire or a flood. We need to start thinking about situations like a pandemic where security analysts may be physically displaced and unable to safely be in the same room together at work,” Triolo said.