Navigate through the intricacies of incident response with proven strategies. Explore best practices tailored for addressing common attack scenarios effectively. Gain insights and expertise to fortify your cybersecurity defenses, ensuring a resilient response in the face of evolving threats.
2. BRUTE FORCING
www.infosectrain.com
@infosectrain
INVESTIGATION
01 Analyze Active Directory, application, and operating system logs for multiple login failures.
02 Contact the user to confirm the legitimacy of the login attempts.
ACTIONS
01 If unauthorized activity is confirmed, disable the account.
02 Investigate and block the attacker's IP address.
03 Implement account lockout policies to prevent brute force attacks.
3. BOTNETS
ACTIONS
01 Identify and remove malicious processes.
02 Fix the vulnerabilities by applying necessary patches.
03 Isolate the affected server to prevent further malicious activities.
INVESTIGATION
01 Monitor network traffic for connections to suspicious IPs.
02 Check OS logs for new or suspicious processes.
03 Contact the server owner and support team for information.
4. RANSOMWARE
ACTIONS
01 Request anti-virus checks and initiate a malware scan.
02 Isolate the infected machine to prevent further spread.
INVESTIGATION
01 Check for anti-virus alerts and malware indicators.
02 Monitor network traffic for connections to suspicious IPs.
5. DATA EXFILTRATION
ACTIONS
01 If a rogue employee is suspected, contact their manager for an internal investigation.
02 If it is an external threat, isolate and disconnect the compromised machine from the network.
INVESTIGATION
01 Monitor network traffic for abnormally high traffic patterns using DLP.
02 Check proxy logs and OS logs for unusual activities.
6. COMPROMISED ACCOUNT
ACTIONS
01 If a compromised account is confirmed, disable the account and change the password.
02 Conduct forensic investigations to determine the extent of the breach.
INVESTIGATION
01 Analyze Active Directory logs, OS logs, and network traffic for indicators of a compromised account.
02 Contact the user for additional information.
7. DENIAL OF SERVICE
ACTIONS
01 If the DoS is due to vulnerabilities, contact the patching team to remediate the vulnerabilities.
02 Enable redundancy and failover for uninterrupted service during an attack.
03 For a network traffic-induced attack, contact network support or the ISP, and refrain from disclosing sensitive information too quickly.
INVESTIGATION
01 Monitor network traffic for abnormally high traffic.
02 Review firewall logs and OS logs for signs of the attack.