At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Incident Response Actions are Systematically Reversed by Hackers to Maintain Persistence

    Analysis of attacks on two cellular carriers have resulted in the identification of threat actions designed to undo mitigations taken by security teams mid-attack.

    We’d like to think that the attackers only move in a game of cyberattack chess is “attack” and then once you begin to mitigate their intrusion, lateral movement, modification of user accounts, etc. the threat actor just gives up and you win. But new analysis of several attacks by security vendor Crowdstrike show that while your team is busy trying to undo everything attackers have done to facilitate their access, they are equally busy either reversing your actions or setting up additional means of entry, privilege, and access.

    According to the analysis, Crowdstrike observed the following activity mid-attack when response actions weren’t being taken swiftly:

    • Setup of additional VPN access
    • Setup of multiple RMM tools
    • Re-enabling of accounts disabled by security teams

    It’s just like chess; you make a move and your adversary makes another.

    There are two takeaways from this story:

    • Response actions need to be swift; you need to cut off attacker access quickly and effectively
    • Based on the initial attack vectors – mostly social engineering designed to harvest credentials, Security Awareness Training for every user is needed to keep users vigilant whether they’re using email, the phone, or the Internet.

    Request A Demo: Security Awareness Training

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Request a Demo!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top