Effective URL: https://www.secureworks.com/blog/5-takeaways-from-incident-response-engagements
5 TAKEAWAYS FROM INCIDENT RESPONSE ENGAGEMENTS

Real-world insights from customer engagements can help other organizations
improve their security posture.

Tuesday, July 12, 2022
By: Rebecca Taylor, Incident Response

Every year, Secureworks® incident responders help customers contain and
remediate hundreds of cybersecurity incidents. The insights and trends
discovered during these incident response (IR) engagements can help
organizations make smarter decisions about cybersecurity strategy and tactics.
Although the threat landscape and incident details fluctuate, five takeaways
from 2021 engagements remain relatively consistent.


TAKEAWAY #1: RANSOMWARE CONTINUES TO DRIVE THE NEED FOR BETTER THREAT DETECTION.

Post-intrusion ransomware is consistently the top reason that organizations
request Secureworks IR engagements. Cybercriminals are increasingly adopting
“name-and-shame” tactics, pressuring victims to pay ransoms by threatening to
publicly release stolen data. This approach goes beyond simply holding encrypted
data hostage.

Organizations must improve their ability to quickly discover, identify, and
neutralize threat actors who have accessed the network. The better the threat
detection, the better the chances of mitigating a compromise before the threat
actors deploy ransomware.


TAKEAWAY #2: VULNERABLE INTERNET-FACING SYSTEMS ARE A COMMON INITIAL ACCESS
VECTOR (IAV).

In 2021, exploitation of vulnerabilities in internet-facing systems (also known
as scan-and-exploit attacks) displaced credential-based attacks as the most
common IAV observed in Secureworks IR engagements (see Figure 1). There could be
various explanations for this shift: organizations are increasing implementation
of multi-factor authentication (MFA) to protect credentials, threat actors have
improved their ability to weaponize exploit code that the cybersecurity
community publishes when vulnerabilities are publicly disclosed, or
infrastructure is being built out more rapidly than organizations can secure it.


Figure 1. IAVs observed during Secureworks IR engagements in 2021. Due to
rounding, the percentages may not add up to 100%. (Source: Secureworks)



Whatever the reason, one thing is clear: organizations must improve the speed
and scale at which they can perform vulnerability assessments and remediations.
In addition, given that no organization can patch every vulnerability in real
time, it is vital to invest in vulnerability detection and response (VDR)
technology. This technology enables organizations to prioritize patching
activities based on the actual risk to the business.


TAKEAWAY #3: SINGLE-FACTOR AUTHENTICATION IS A LIABILITY.

Most of the IR engagements involving stolen credentials revealed threat actors
authenticating to remote access solutions that did not enforce MFA. It is
important for organizations to implement MFA across their environment and ensure
that it is configured correctly. Organizations should also invest in rapid,
reliable threat detection that is based on behavioral clues across all
endpoints, network infrastructure, and cloud resources.


TAKEAWAY #4: EMAIL-BASED ATTACKS CONTINUE TO EVOLVE.

Phishing and spearphishing emails are common and can include malicious links and
attachments. Attacks that use third-party services such as social media,
victims’ personal webmail, and popular file-sharing sites for hosting malicious
content can be particularly difficult to prevent because these services are not
governed by enterprise security controls. As more employees work from home and
access enterprise and personal resources on the same devices, it becomes easier
for attackers to exploit personal contacts to gain enterprise access.

User education is a critical defense against email-based compromise. Training
employees to recognize and report phishing attempts can limit the success of
these attacks. The awareness can also help employees avoid compromise of their
personal information.


TAKEAWAY #5: FUNDAMENTALS ARE FUNDAMENTALS FOR A REASON.

Attackers often seek the path of least resistance. Organizations can prevent or
quickly detect and remediate many incidents by implementing basic cybersecurity
practices.

Secureworks incident responders provide tailored recommendations to affected
organizations. Common recommendations address management of vulnerabilities,
accesses, and logs. Figure 2 lists the most frequent recommendations provided
during Secureworks IR engagements in 2021.


Figure 2. Most common recommendations provided during Secureworks IR engagements
in 2021. (Source: Secureworks)


