Within the tumultuous panorama of cybersecurity, the yr 2023 left an indelible mark with the brazen exploits of the Scattered Spider risk group. Their assaults focused the nerve facilities of main monetary and insurance coverage establishments, culminating in what stands as one of the impactful ransomware assaults in current reminiscence.
When organizations haven’t any response plan in place for such an assault, it could actually turn into overwhelming making an attempt to prioritize the subsequent steps that may have a compounding impression on the risk actor’s potential to retain entry to and management over a compromised community.
Silverfort’s risk analysis crew interacted carefully with the id threats utilized by Scattered Spider. and in reality, constructed a response playbook in actual time to answer an energetic Scattered Spider assault. This webinar will dissect the real-life situation wherein they have been known as upon to construct and execute a response plan whereas attackers have been shifting inside a company’s hybrid setting.
Hear immediately from the Silverfort crew concerning the challenges they confronted, together with the best way to quickly and effectively (and in as automated a fashion as doable) meet the next response targets:
- Put ‘roadblocks’ instantly in place to guard towards extra lateral motion from that time ahead
- Pinpoint person accounts that have been compromised, with a particular emphasis on service accounts (a well-liked Scattered Spider goal)
- Eradicate potential malicious presence from the org’s id infrastructure (once more – a positive and publicly documented Scattered Spider approach)
Moreover, you will achieve insights into the steps taken in response, specializing in three dimensions of lateral motion:
- Person Accounts – We’ll have a look at the wanted insurance policies and monitoring for service accounts, admin customers, and area customers
- Id Infrastructure – We’ll focus on limiting person entry, disabling insecure authentication protocols, and additional harden authentication necessities
- Different Area-Joined Machines – We’ll have a look at limiting inter-machine communication for person’s workstations, briefly blocking insecure authentication protocols
See you there!