This post offers a glimpse into how our Cyber Incident Response Team (CIRT) fought a flare-up in Emotet infections by taking a step back from the mass of alerts to devise a proactive strategy for automation. Our hope is that it sparks some ideas for you when something similar happens in your environment.
Everyone, please take a deep breath and say it with me: “Macs are invulnerable to compromise.” Everyone knows that’s true, right? Attacking a Mac is impossible. Okay, well perhaps most of the population thinks that, but we are part of the uber-elite cyber-warriors that know better. All systems are vulnerable. Our Macs only get popped when we want them to, … Read More
Day after day, our Cyber Incident Response Team (CIRT) detects the threat vectors bad guys use to infiltrate organizations. This post will walk through a malware infection that used the Microsoft Sysinternals tool PsExec to attempt lateral movement, host reconnaissance, and network reconnaissance. We’ll show how the OODA loop method can help improve detection speed and accuracy—not only as the threat unfolded, but as our … Read More