Three Strategies for Organizations to Follow to Disrupt Cybercriminals Selling Access to Their Environment
Unmasking a bad actor at an individual level will help organizations gain more
context, figure out why the attack happened, and calculate future risk.
Threat actors are increasingly selling employee credentials and private access keys to critical
business applications. To prevent such incidents from escalating into full-blown breaches that
damage the company's credibility, organizations must respond quickly and maintain visibility
beyond their own perimeter. External threat hunting, forensics, and the unmasking of actors using
open-source intelligence (OSINT) are the usual means of doing so. Identifying the actor goes a long
way toward deciding whether the organization is a target of opportunity or the victim of a
targeted attack.
To preserve the integrity, confidentiality, and availability of their data and systems,
organizations should take the following three measures.
Three Strategies for Organizations
Internal and External Triage
Maintaining the integrity, confidentiality, and availability of data systems is the top priority,
and the first step toward it is identifying where the leaked credentials came from. If a
third-party vendor or law enforcement has already made contact with the seller, they may be able
to obtain the offered user credentials or private keys directly from the threat actor, which
tells the organization exactly which accounts and keys are exposed.
The forum handles of the members offering the credentials are often already known to law
enforcement. Once the security team has gathered this information, it can profile the threat
actors: their technical capability and how active they are on underground forums. Dark-web
vendors, for example, frequently lack the technical capability of the actor who actually gained
access to the environment; the seller and the intruder may well be different people.
At this point in the investigation the extent of the damage is still unknown, so three lines of
work follow: 1) removing the unauthorized access, 2) determining the extent of the damage, and
3) deciding whether the threat warrants unmasking the actors in order to learn more about how
the attack came about.
Unauthorized Access Must Be Removed
After verifying which credentials and accounts were exposed, security teams must assess the
damage. That means establishing whether data was accessed or exfiltrated and looking for evidence
of unauthorized access, use of malicious tooling, lateral movement, and malware deployment.
Combining thorough logging, two-factor authentication, an evidence (data acquisition) strategy,
endpoint and network monitoring, and patch management makes a full-blown breach far less likely.
It is also critical to conduct external threat detection and, where appropriate, threat actor
engagement in response to the specific attack, to determine whether the actors are trying to
manipulate or monetize the incident. Revealing the attacker's identity may not be appropriate at
this stage. If the assessment concludes that the attackers obtained access through passwords
reused from a compromised third-party service, password spraying, or a password reused from a
prior data breach, it is likely that no further malicious activity occurred within the
environment, although that conclusion still has to be confirmed against the logs rather than
assumed.
On the other hand, if the investigation leads the security team to believe that the attack was
carried out by an insider or a former employee, unmasking and identification provide crucial
context, allowing the team to prevent further compromise and potentially take legal action.
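The triage described under "Internal and External Triage" and the access assessment above can be turned into a repeatable check: take the account names from the forum listing, match them against authentication logs, flag successful logins from outside the organization's own address space, and label each by how the source behaved, since a source that fails across many accounts before one success looks like password spraying, while a clean first-time success with no failures is consistent with a bought or reused password. The following Python script is an added example written for this article, not code from the original page or from ITsecuritywire. The log format, the internal address range, the spray threshold and all account names and addresses are constructed assumptions for the example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample (hypothetical): account names lifted from a forum listing.
LISTED_ACCOUNTS = {"jdoe", "asmith", "svc_backup"}

# Constructed sample authentication events (hypothetical key=value format).
AUTH_LOG = """\
2024-03-01T08:02:11Z user=jdoe src=10.1.4.22 result=success
2024-03-01T08:05:40Z user=asmith src=10.1.4.23 result=success
2024-03-02T02:14:10Z user=svc_backup src=185.220.101.5 result=failure
2024-03-02T02:14:11Z user=asmith src=185.220.101.5 result=failure
2024-03-02T02:14:12Z user=bwong src=185.220.101.5 result=failure
2024-03-02T02:14:13Z user=ckhan src=185.220.101.5 result=failure
2024-03-02T02:14:14Z user=dlee src=185.220.101.5 result=failure
2024-03-02T02:14:15Z user=jdoe src=185.220.101.5 result=success
2024-03-03T09:00:00Z user=svc_backup src=203.0.113.9 result=success
2024-03-03T09:30:00Z user=asmith src=10.1.4.23 result=success
"""

# Address space treated as internal (assumption for the example).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# A source trying at least this many accounts, mostly failing, is a sprayer (assumed threshold).
SPRAY_MIN_USERS = 5

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
                     r"result=(?P<result>success|failure)$")

def parse_auth_log(text):
    """Parse key=value auth lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["src"] = ipaddress.ip_address(ev["src"])
        events.append(ev)
    return events

def is_trusted(addr, nets=TRUSTED_NETS):
    return any(addr in net for net in nets)

def source_profiles(events):
    """Per source IP: distinct accounts tried plus failure and success counts."""
    prof = defaultdict(lambda: {"users": set(), "failures": 0, "successes": 0})
    for ev in events:
        p = prof[ev["src"]]
        p["users"].add(ev["user"])
        p["failures" if ev["result"] == "failure" else "successes"] += 1
    return prof

def spray_sources(profiles, min_users=SPRAY_MIN_USERS):
    """Sources whose pattern (many accounts, mostly failures) looks like password spraying."""
    out = set()
    for src, p in profiles.items():
        total = p["failures"] + p["successes"]
        if len(p["users"]) >= min_users and p["failures"] >= 0.8 * total:
            out.add(src)
    return out

def triage(log_text, listed_accounts=LISTED_ACCOUNTS):
    """Flag external successes on listed accounts and label how each source behaved.

    'password_spray': source hit many accounts with mostly failures;
    'direct_credential_use': no failures at all, consistent with a bought/reused password;
    'credential_guessing': failures confined to a few accounts.
    """
    events = parse_auth_log(log_text)
    profiles = source_profiles(events)
    sprayers = spray_sources(profiles)
    findings = []
    for ev in events:
        if (ev["user"] not in listed_accounts or ev["result"] != "success"
                or is_trusted(ev["src"])):
            continue
        if ev["src"] in sprayers:
            pattern = "password_spray"
        elif profiles[ev["src"]]["failures"] == 0:
            pattern = "direct_credential_use"
        else:
            pattern = "credential_guessing"
        findings.append({"user": ev["user"], "src": str(ev["src"]),
                         "when": ev["ts"].isoformat(), "pattern": pattern})
    revoke = {f["user"] for f in findings}
    return {
        "findings": findings,
        "revoke": revoke,                               # disable and rotate now
        "listed_only": set(listed_accounts) - revoke,   # exposed, no external success yet
        "spray_sources": {str(s) for s in sprayers},    # block and keep watching
    }

if __name__ == "__main__":
    result = triage(AUTH_LOG)
    for f in result["findings"]:
        print(f"{f['when']} {f['user']} from {f['src']}: {f['pattern']}")
    print("revoke now:", sorted(result["revoke"]))
    print("listed, no external success yet:", sorted(result["listed_only"]))
```

On the constructed sample this reports jdoe's login from 185.220.101.5 as the hit of a spray against six accounts and svc_backup's login from 203.0.113.9 as direct use of a credential with no prior failures, which is the pattern a purchased key would leave. Both accounts go on the revoke list; asmith is listed but has only internal successes, so it is rotated and watched rather than treated as already abused. Real logs carry many more fields (user agent, MFA result, geolocation), and the 0.8 failure ratio and five-account threshold should be tuned to the environment's normal failure rate before the labels are trusted.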
Unmasking Attribution
Unmasking the attacker at an individual level yields more insight, helps establish why the
attack happened, and lets the organization gauge the ongoing danger if it is the victim of a
targeted attack rather than a target of opportunity. Making that decision does not have to be a
time-consuming process.
Over the last decade, attribution has mostly been performed at the nation-state or group level,
but depending on the context of the attack, individual attribution is becoming increasingly
essential. Maintaining the network's integrity, confidentiality, and availability through
perimeter and internal visibility remains important, but having the same visibility beyond the
firewall is becoming just as important.