active adversary playbook – Computer Security Articles

Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack

August 10, 2022 admin active adversary playbook, blackcat, Featured, hive, lockbit, ransomware, security operations, sophos x-ops

Credit to Author: Matt Wixey| Date: Wed, 10 Aug 2022 11:00:50 +0000

After gaining access via RDP, all three threat actors encrypted files, in an investigation complicated by event log clearing and backups. 3 attackers, 2 weeks – 1 entry point.

Security Sophos

Multiple attackers increase pressure on victims, complicate incident response

August 9, 2022 admin active adversary playbook, blackcat, conti, cryptominers, Featured, hive, iabs, karakurt, lockbit, ransomware, security operations, sophos x-ops, threat research

Credit to Author: Matt Wixey| Date: Tue, 09 Aug 2022 11:00:04 +0000

Sophos’ latest Active Adversary report explores the issue of organizations being hit multiple times by attackers

Security Sophos

Active Adversary Playbook 2022 Insights: Web Shells

June 22, 2022 admin active adversary playbook, cve-2021-31207, cve-2021-34473, cve-2021-34523, Featured, proxylogon, proxyshell, threat research, web shells

Credit to Author: gallagherseanm| Date: Wed, 22 Jun 2022 11:00:07 +0000

Public proofs-of-concept of web shell exploits coincide with major spikes in attacks.

Security Sophos

Move fast, unbreak things: About the Sophos Active Adversary Playbook 2022

June 7, 2022 admin active adversary playbook, security operations, SophosLabs Uncut, threat research

Credit to Author: Angela Gunn| Date: Tue, 07 Jun 2022 11:16:50 +0000

Our latest report shows that the most pleasant way to learn from Rapid Response mayhem is to read about how it worked out for someone else