Eternal vigilance is the key to good security. You need to constantly hunt for cyberthreats or you'll end up being hunted. You can quickly identify a threat amongst the thousands of events that a SIEM tool captures with heightened environmental awareness, meticulous attention to detail, and a tidy presentation of the network logs in the form of intuitive reports and dashboards.

Cyber Detective is an engaging cybersecurity game, where you must progress through 10 levels developed from typical security scenarios, including a suspicious PowerShell process initiated, abnormal number of files created, or phishing emails.

Hunting for threats in the digital wilderness

Why you should play this game

A security analyst's work is similar to that of a detective. You're continuously on the lookout for risks in order to thwart them before they materialize.

The objective of Cyber Detective is to add to your expertise to recognize, assess, and evaluate security threats. The game seeks to offer an intriguing and realistic learning experience that equips players to take on the increasingly complex terrain of cyberthreats and defend enterprises from potential breaches.

From the game, you will explore security use cases such as:

Phishing emails

Attackers utilize social engineering techniques to make emails appear authentic and persuade recipients to click links or download attachments. Attackers can still get through, despite employees being trained to be aware of such emails. This makes phishing emails the top initial access vector. Simultaneously, a lot of reported phishing emails are false positives. Evaluating a phishing email requires careful attention.

Here are a few things to look at when investigating a suspected phishing email:

  • The email sender urges you to take immediate action (make a payment by wire transfer or click on a link).
  • Irregularities with email IDs, domains, and URLs.
  • Requesting a form-fill involving personal data.
  • Spelling and grammatical errors.

Suspicious user logon activities

Monitoring user activities is critical to identify occurrences of insider threats and compromised accounts. Suspicious user logon activities can be indicators of potential security breaches or anomalies.

Here are a few examples:

  • Multiple failed login attempts: Frequent failed login attempts may be indicative of someone trying to guess passwords or gain unauthorized access.
  • User account changes: Unusual account modifications such as changes made to user account settings, password resets, or permissions modifications. These changes can indicate lateral movement, creation of a backdoor, or privilege escalation.
  • High number of concurrent logins: Instances where a user has multiple concurrent logins from different devices may indicate account sharing or potential compromised credentials.
  • Unexpected account lockouts: Frequent or repeated account lockouts may suggest brute force attacks or attempts to gain unauthorized access.

Data exfiltration

Data exfiltration refers to the unauthorized transmission of sensitive information from a company. This may occur through email attachments or uploads to any SaaS application that employees utilize. Enterprises have to ensure total visibility and audit all user actions in the cloud to keep pace with the growing use of cloud apps. A cloud access security broker (CASB) acts as a gatekeeper between an organization's on-premises infrastructure and the cloud services it uses. The CASB capability of a SIEM solution gives complete visibility into things like upload file size, file name, and file type.

Inevitably, the classification of files based on their sensitivity is vital to detect attempts to modify, copy, and send emails with attachments. By classifying files, the security team can prioritize the most business-critical data and focus their efforts and resources (capital, personnel, and technology) into protecting those assets first.

Malware and ransomware execution

A malware payload is typically delivered through email attachments, malicious downloads, or exploit kits targeting vulnerabilities in a system. Once delivered, the malware begins its execution.

Here are the typical behaviors of malware to look at:

  • New processes created.
  • Modification or deletion of files.
  • Process running from suspicious locations.
  • New files created with unknown extensions.
  • Processes spawned by unusual processes.
  • Connections to malicious URL or C2 servers.

Are you ready to take the challenge? Play the game now.

  • Please enter a business email id
  • By clicking 'Read the ebook', you agree to processing of personal data according to the Privacy Policy

Get the latest content delivered
right to your inbox!

Thank you for subscribing.

You will receive regular updates on the latest news on cybersecurity.

  • Please enter a business email id
    By clicking on Keep me Updated you agree to processing of personal data according to the Privacy Policy.

Expert Talks


© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.