Category Archives: Incident Response

By Erik Leach, CISSP, SCF
Imagine coming home and finding your house broken into and some of your belongings missing.  As you totter from room to room, you would probably feel anger, frustrated, disturbed and a little overwhelmed.  At a vulnerable moment such as that, it probably would not be the best time to engage in critical decision making that would most likely prove reactionary.  This analogy can be applied to the instance of a data breach. (more…)

Two distinct vulnerabilities dubbed Meltdown and Spectre potentially affect almost every system¹.  In a world that is already saturated with cyberattacks and vulnerabilities, it is easy to succumb to cyber threat fatigue when discussing two new outbreaks.  Even though there have been no confirmed reports of attacks that have taken advantage of these newly exposed vulnerabilities, they are highly concerning.  That is because they involve the CPU, the fundamental building block of the internet, corporate networks and PCs. (more…)

By Steve Lawn, Senior Consultant

Staying ahead of security threats is no easy task. One threat that should definitely be on your radar is ransomware. From hospital heists to attacks on schools and other businesses, ransomware is costly and is projected to be one of the biggest threats in 2016. According to CNN, the FBI reported that it received 2,453 complaints about ransomware hold-ups last year, costing the victims more than $24 million dollars. And there’s little the FBI can do about it, and so victims pay. (more…)

By Todd Hacke
The moment you realize you are experiencing a network-based breach, you may not know what to do. Minute one, hour one, day one, what should a technical team do to respond to a breach while it’s still in play?

While having a full incident response plan, a trained response team, and well-placed log repositories are optimal, in our experience many organizations are not well-prepared. (more…)

Author: Glenn A. Stout, Ph.D, PMP

Your organization just experienced a data security incident. All of the data that was entrusted to your organization to be kept safe is now “out there” on the Internet.  Your organization doesn’t have an incident response plan.  Who do you call?  When should you call?  What information needs to be reported? (more…)

The modern digital landscape is a battleground rife with adversaries ready and willing to go to great lengths to steal your data. Clever independent attackers and state-sponsored actors alike are deploying increasingly effective versions of cyber-attacks intended to intrude, infect, steal, evade, disrupt and destroy everything they touch. To defend themselves, many businesses are investing in a variety of technologies and techniques to mitigate these threats. Blocking, containing, obfuscating, authenticating, verifying, and filtering are all important control elements of network security. (more…)

Recently the Symantec Corporation uncovered a highly sophisticated, modular piece of malware that has been infecting computers in a variety of countries as far back as 2008. Backdoor.regin has characteristics beyond those of modern malware and is already generally accepted as a product of nation-state cyber espionage. The implant likely took considerable resources and time to create and has several stealth features including multiple levels of encryption and even anti-forensic capabilities, multiple attack vectors, custom surveillance tools, persistence. The works. (more…)

There I was, ankle deep in raw sewage, incredulous that for the second time this summer, my basement was filling up with foul smelling murky waste. As I looked hopelessly at my wife while the water level continued to rise, I angrily thought to myself, “What else can I do?” Didn’t I shell out some major money to protect the basement against groundwater by installing drain tiles? Didn’t I reduce the chance of overloading the sewer systems by removing my gutters from draining into the city’s drainage system?  And that crawlspace, I just spent several thousands to waterproof the last (what I thought) area that was susceptible to water. Yet here I was, again, plagued by unwanted water in my house. (more…)

Incident Responders take a lot of pride in finding that ‘Needle in the Haystack’ when conducting data breach investigations. The thrill of forensics lies in finding the tiniest clue that unravels the story of how a breach occurred and what exactly was compromised as a result. But the reality is that during forensic investigations, there is not always a needle in the haystack of evidence that we comb through, and the impact can be huge. (more…)

Once again another company is on the heels of a massive data breach where intellectual property, customer records, private information, you-name-it, has been compromised. The recent news of Adobe Systemsⁱ where a malicious entity stole intellectual property and accessed millions of credit card numbers is another case where “if there is a will, there is an attacker that will find a way.” (more…)