Incident Response – PossibleThreat Articles

Qilin ransomware caught stealing credentials stored in Google Chrome

August 22, 2024 0 Comments credentials, featured, Incident Response, Privacy, qilin, Ransomware, security operations, threat research

Credit to Author: Angela Gunn| Date: Thu, 22 Aug 2024 10:45:48 +0000

Familiar ransomware develops an appetite for passwords to third-party sites

Security Sophos

Don’t get Mad, get wise

August 13, 2024 0 Comments anydesk, featured, Incident Response, mad liberator, malware, security operations, Social engineering, threat research

Credit to Author: Angela Gunn| Date: Tue, 13 Aug 2024 09:59:22 +0000

The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for

Security Sophos

RD Web Access abuse: Fighting back

June 14, 2024 0 Comments active adversary, active adversary report, featured, Incident Response, RDP, security operations, sophos x-ops, threat research

Credit to Author: Angela Gunn| Date: Wed, 12 Jun 2024 18:59:54 +0000

Investigation insights and recommendations from a recent welter of incident-response cases

Security Sophos

Sophos Incident Response achieves NCSC Certified Incident Response (CIR) Level 2 status

May 14, 2024 0 Comments cir, featured, Incident Response, ncsc, products & services, sophos ir

Credit to Author: Sally Adam| Date: Tue, 14 May 2024 07:00:35 +0000

I am delighted to announce that the Sophos Incident Response service has been awarded U.K.’s National Cyber Security Centre (NCSC) Cyber Incident Response (CIR) Level 2 status by CREST. This assurance confirms that amid the sophisticated cybersecurity threat landscape, Sophos has the experience and capabilities to deal with incidents caused by financially motivated criminals, such […]

Security Sophos

Extracting data from encrypted virtual disks: six methods

May 13, 2024 0 Comments data extraction, dfir, encryption, featured, Incident Response, mdr, Ransomware, security operations, threat research, virtual machine

Credit to Author: Angela Gunn| Date: Mon, 13 May 2024 08:30:24 +0000

For incident responders, a variety of techniques for information retrieval from locked-up VMs

Security Sophos

It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024

April 15, 2024 0 Comments active adversary, active adversary report, case study, featured, Incident Response, RDP, threat research

Credit to Author: Angela Gunn| Date: Wed, 03 Apr 2024 10:01:37 +0000

The latter half of 2023 found numerous fronts on which attackers failed to press ahead. Are defenders failing to take advantage?

Security Sophos

Remote Desktop Protocol: The Series

March 20, 2024 0 Comments active adversary, featured, Incident Response, incident response tools, mdr, RDP, security operations, sophos x-ops, threat research

Credit to Author: Angela Gunn| Date: Wed, 20 Mar 2024 16:18:21 +0000

What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground it when it goes wrong? An Active Adversary Special Report

Security Sophos

Remote Desktop Protocol: Exposed RDP (is dangerous)

March 20, 2024 0 Comments Incident Response, incident response tools, mdr, RDP, security operations, sophos x-ops

Credit to Author: Angela Gunn| Date: Wed, 20 Mar 2024 16:16:34 +0000

Is it really that risky to expose an RDP port to the internet? What if you change the default port? What if it’s just for a little while? The data answers, loud and clear

Security Sophos