New kids on the block: Meet e-CSIRT!

CYBERS 30.09.2021

There is a saying in information security: "The question is not if you get attacked, it is when…" In the daily news we read how one company or another has fallen victim to a cyber-attack. It is easy to think that this will not happen to us. Unfortunately, that's not true. What should you do when the worst has happened? The first hours and days are critically important. If you are responsible for IT security, the question to ask yourself is this: is our team experienced enough to handle the consequences of an attack? If yes, that is great; if not, it is wise to reach out for extra help.


What’s next?

At CYBERS we have developed a new service for situations like these. eCSIRT (Emergency Computer Security Incident Response Team) is a group of specialists who work on solving these types of problems. They will join forces with your organization and bring skills, knowledge, tools, and experience to the table to solve the incident. During the response, we investigate how the attackers got into the network, what their goals were, and what kind of access they possess. The first step is to collect data and store it for future investigations. From the analysis, we can understand the urgency, scope, and impact of the case and what the possible attack scenario could be. Information gathering is needed to learn about the customer's systems and infrastructure. This is used as input to a plan for minimizing the impact of the incident.


Sharing a few pointers

Here are a few pointers if you find yourself and your organization in the middle of an attack. First, block external connections and isolate infected systems. Domain administrator accounts need to be closed and new ones created. Also, Kerberos tickets need to be rotated together with privileged account passwords. It is important to find accounts that were created by malicious actors. Apply all missing security updates and monitor the activity of privileged users. It is also important that the police and the local CERT are notified.
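One way to approach the "find accounts created by malicious actors" pointer is to triage exported Windows Security log account-management events for the incident window. This is an added example, not CYBERS tooling; the record layout, account names, time window and trusted-creator list are constructed assumptions, while the event IDs are the standard Windows ones.

```python
from datetime import datetime

# Windows Security log event IDs for account management
ACCOUNT_CREATED = 4720                    # a user account was created
GROUP_MEMBER_ADDED = {4728, 4732, 4756}   # member added to a global / local / universal security group
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "administrators"}

# Constructed sample events (hypothetical field names), shaped like an exported log
SAMPLE_EVENTS = [
    {"time": "2021-09-01T09:12:00", "id": 4720, "actor": "hr-provisioning", "target": "j.tamm"},
    {"time": "2021-09-28T02:41:10", "id": 4720, "actor": "svc-backup", "target": "helpdesk2"},
    {"time": "2021-09-28T02:43:55", "id": 4728, "actor": "svc-backup", "target": "helpdesk2",
     "group": "Domain Admins"},
    {"time": "2021-09-28T03:05:31", "id": 4720, "actor": "helpdesk2", "target": "print-svc"},
    {"time": "2021-09-29T10:00:00", "id": 4732, "actor": "it-admin", "target": "j.tamm",
     "group": "Remote Desktop Users"},
]

def suspicious_accounts(events, window_start, window_end, trusted_creators):
    """Return {account: [reasons]} for accounts created, or granted privileged
    group membership, inside the incident window."""
    start = datetime.fromisoformat(window_start)
    end = datetime.fromisoformat(window_end)
    findings = {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        if not start <= datetime.fromisoformat(ev["time"]) <= end:
            continue
        target, actor = ev["target"].lower(), ev["actor"].lower()
        if ev["id"] == ACCOUNT_CREATED:
            reasons = findings.setdefault(target, [])
            if actor not in trusted_creators:
                reasons.append(f"created by unexpected account {actor}")
            if actor in findings:
                # The creator was itself created or elevated during the window
                reasons.append(f"creator {actor} is itself under review")
        elif ev["id"] in GROUP_MEMBER_ADDED and ev.get("group", "").lower() in PRIVILEGED_GROUPS:
            findings.setdefault(target, []).append(f"added to {ev['group']} by {actor}")
    # Drop accounts that ended up with no reason attached
    return {acct: why for acct, why in findings.items() if why}

if __name__ == "__main__":
    report = suspicious_accounts(SAMPLE_EVENTS, "2021-09-27T00:00:00",
                                 "2021-09-30T00:00:00", {"hr-provisioning", "it-admin"})
    for account, reasons in report.items():
        print(account, "->", "; ".join(reasons))
```

Accounts flagged this way are candidates for disabling and for the password and ticket rotation described above, after confirmation with the account owners.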


How to handle cyber incidents?

The best way to handle cyber incidents is to prevent them. Investing in cybersecurity is always more affordable than handling the consequences. How much does one cyberattack cost? Attackers do their homework and are aware of how much money your company makes. Ransomware attackers usually price their demands at 5% of your annual recurring revenue. Considering the possible reputational damage and downtime, the real cost is even greater. Taking 2-3% of your revenue and investing it in cybersecurity can prevent these costly situations in the future.


