Many companies around the world are taking the sensible step of asking employees to work from home. What that means in theory is that the spread of COVID-19 will be partly slowed by the lack of additional exposures caused at the workplace. What this means in practice? Presumably the theory holds true but in addition to that it also means corporate networks will have many times the normal number of people remotely connected and many of those devices are potentially compromised or connecting from a home network where other hosts are.
To help administrators and security professionals manage this situation we at Team Cymru are pleased to announce the availability of a no-cost portal that will allow the lookup of 50 IP addresses at a time to identify the geographic location of the host and to identify if it has been identified as compromised in the last 30 days via our various detections.
To use the tool an admin needs only to collect the IP from their edge service, be it VPN, email, chat, etc, and paste the list into our portal found here:
Results are easily parsed with likely infected hosts listed in RED and actions can be taken accordingly. Not expecting a user to be shown as connecting from a distant country? Or does your financial team member show being connected from an IP that is bot infected? With this tool and resulting data you can now know and take appropriate action.
Have questions or comments? Please let us know! Need to lookup more than 50 IP addresses? Contact us for a discussion on how we can help! firstname.lastname@example.org