Managing Cybersecurity Incidents: A Journey through cause, effect, and response
In this talk, we delve into the world of Digital Forensics and Incident Response (DFIR). We will cover the basics, such as the process and terminology, and examine four distinct incidents. For each incident, I will explain the ‘what’ and ‘how’ of the attack, the lessons learned, and the often-overlooked human aspect of incident response.
Business Email Compromise (BEC) Incident: We will explore a case where an adversary exploited a user and maintained persistence for a month to extract money.
Ransomware Incident: We will examine the third ransomware incident suffered by a single company within a span of two years, a case in which the victim attempted to pay the ransom. We will discuss what went wrong during the recovery process.
Wiper Incident: We will delve into a rare hacktivism attack where 95% of the victim’s infrastructure and data, including backups and logs, were deleted.
Failed Attempt: Sometimes, attackers have bad days too. We will look at an incident where the attackers gained access to the company’s infrastructure but failed to deploy any payload or exfiltrate any data.
By sharing my experiences, I hope to equip attendees with the knowledge to stay proactive against cyber-attacks and, in the event of an incident, to respond more effectively.