During times of crisis and major events, opportunistic cyber criminals take advantage of human nature to launch attacks. The most recent example is COVID-19. Attackers are capitalizing on the massive influx of emails people are receiving on topics related to the pandemic, along with a natural hunger for more information, to launch a surge in spear phishing and ransomware campaigns. In fact, the FBI Internet Crime Complaint Center (IC3) has reported that the number of cyber complaints they received spiked from 1,000 daily before the pandemic to as many as 4,000 incidents in a day, including an uptick in malicious emails and increased ransomware attacks.

The cyber community has reacted quickly, providing specific threat feeds related to COVID-19, often free of charge. Security operations teams across the globe are scrambling to consume those feeds. However, because many of the sources were new, no ready-made connectors exist to plug these feeds into their security infrastructure. Security teams have told us it can require 10 to 20 additional analysts to manually sift through numerous, new sources and massive volumes of indicators and operationalize them. 

The configuration-driven feeds within the ThreatQ platform eliminates this problem so security teams can quickly overcome their scalability challenges and make use of the latest threat intelligence. Organizations can write a custom connector for any type of feed within hours, so they can begin automatically ingesting threat data from new sources into their ThreatQ platform quickly. Once the threat feed can be consumed, the ThreatQ platform makes it easy for companies to score and prioritize sources and data based on relevance to their specific environment and take action. This is extremely important since, based on our experience, only approximately 5% of the global threat data companies gather is high priority. Without custom scoring and prioritization, analysts waste time “chasing ghosts.”

To see the entire process in action, watch the webinar “How to Respond to Rapidly Emerging Cyber Threats” with ThreatQuotient’s Ayuba “JJ” Ndiaya, Account Manager, and Syed Kaptan, Threat Intelligence Engineer. 

Walk through the scenario of what happens when the CISO of “ACME company”, realizing the risks associated with emerging COVID-related ransomware campaigns, asks the threat intelligence team to:

1. Collect the right threat intelligence information so we can better understand the threat

2. Mitigate that risk by ensuring counter measures are deployed immediately and automatically and that the latest intelligence is continuously consumed during the crisis

3. Report to me in real-time any internal detections or incidents related to this emerging threat

See how the team delivers on this mission.