In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful ransomware assaults in recent memory.
When organizations have no response plan in place for such an attack, it can become overwhelming attempting to prioritize the next steps that will have a compounding impact on the threat actor’s ability to retain access to and control over a compromised network.
Silverfort’s threat research team interacted closely with the identity threats used by Scattered Spider. and in fact, built a response playbook in real time to respond to an active Scattered Spider attack. This webinar will dissect the real-life scenario in which they were called upon to build and execute a response plan while attackers were moving inside an organization’s hybrid environment.
Hear directly from the Silverfort team about the challenges they faced, including how to rapidly and efficiently (and in as automated a manner as possible) meet the following response goals:
- Put ‘roadblocks’ immediately in place to protect against additional lateral movement from that point forward
- Pinpoint user accounts that were compromised, with a special emphasis on service accounts (a favored Scattered Spider target)
- Eradicate potential malicious presence from the org’s identity infrastructure (again – a favorable and publicly documented Scattered Spider technique)
Additionally, you’ll gain insights into the steps taken in response, focusing on three dimensions of lateral movement:
- User Accounts – We’ll look at the needed policies and monitoring for service accounts, admin users, and domain users
- Identity Infrastructure – We’ll discuss limiting user access, disabling insecure authentication protocols, and further harden authentication requirements
- Other Domain-Joined Machines – We’ll look at limiting inter-machine communication for user’s workstations, temporarily blocking insecure authentication protocols
See you there!
https://thehackernews.com/2024/02/learn-how-to-build-incident-response.html