Help Desk as a Cyber Threat Intel source

Sat, Nov 17, 2012

Security

For many organizations there is a good source of cyber intelligence right under their nose, and few have tapped into it: the help desk, support desk, client services, or whatever you call it. This is where users call when they are having computer issues, and cyber attacks sometimes manifest themselves in just such a fashion.

Many of the client-side attacks in cyber threat actors' arsenals can cause visible problems on the client system: IE crashes when a certain site is visited, a PDF opens but is blank, a Word document also opens a command window, and so on. Fortunately for us cyber sleuths, the user will often call the help desk and report the issue. Hopefully your help desk has a ticketing system (like Remedy or Peregrine) that you can search.

Once a week I go into our help desk ticketing system and search for the following:

IE / Internet Explorer
Browser
Adobe
PDF
Flash
Office document
Word, PowerPoint, Excel
Other terms depending on current activities

Honestly, I do not find things every week, but I feel it is well worth the 30 minutes a week I spend.
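The weekly search can also be run against an export of the ticket queue. The following is an added example, not code from the original post: it assumes a CSV export with hypothetical columns `ticket_id`, `opened`, `summary` and `description`, and the sample tickets are constructed.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Search terms from the post's weekly list. Word boundaries keep "IE" from
# matching inside words such as "client" or "tried", and "Word" from
# matching inside "Password".
TERMS = ["IE", "Internet Explorer", "Browser", "Adobe", "PDF", "Flash",
         "Office document", "Word", "PowerPoint", "Excel"]
TERM_RE = re.compile(r"\b(" + "|".join(re.escape(t) for t in TERMS) + r")\b",
                     re.IGNORECASE)

# Constructed sample export; the column names are assumptions.
SAMPLE_CSV = """ticket_id,opened,summary,description
1001,2012-11-12,IE crashes,Internet Explorer closes every time I open the vendor portal
1002,2012-11-13,Password reset,Client tried three times and is locked out
1003,2012-11-14,Blank PDF,PDF from an email opens but the page is blank
1004,2012-11-15,Odd window,Word document opened and a black command window flashed up
1005,2012-10-02,Excel slow,Excel takes a long time to open large files
"""

def weekly_hits(csv_text, as_of, days=7):
    """Return (ticket_id, matched terms, summary) for tickets opened in the
    last `days` days whose summary or description mentions a search term."""
    cutoff = as_of - timedelta(days=days)
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        opened = datetime.strptime(row["opened"], "%Y-%m-%d")
        if not (cutoff <= opened <= as_of):
            continue  # outside this week's review window
        text = row["summary"] + " " + row["description"]
        matched = sorted({m.group(1).lower() for m in TERM_RE.finditer(text)})
        if matched:
            hits.append((row["ticket_id"], matched, row["summary"]))
    return hits

if __name__ == "__main__":
    for ticket_id, matched, summary in weekly_hits(SAMPLE_CSV, datetime(2012, 11, 17)):
        print(ticket_id, ", ".join(matched), "|", summary)
```

The output is a short review list for an analyst to read, not a verdict; add the "other terms depending on current activities" to `TERMS` as needed.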


This post was written by:

- who has written 181 posts on InfoSecPodcast.com.
