Learn how to create a real-time Scattered Spider incident response manual

February 20, 2024 · News about hackers · Webinar/Incident Response

Learn how to create an incident response playbook

In the tumultuous landscape of cybersecurity, the year 2023 has left an indelible mark with the brazen exploits of the menacing group Scattered Spider. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what is shaping up to be one of the most impactful ransomware attacks of recent times.

When organizations do not have a response plan for such an attack, it becomes difficult to prioritize the next steps that will have a cumulative impact on the threat actor’s ability to maintain access and control over a compromised network.

Silverfort’s threat research team has interacted closely with the identity threats used by Scattered Spider and, in fact, created a real-time response playbook for an active Scattered Spider attack. This webinar will explore the real-world scenario in which they were challenged to build and execute a response plan as attackers navigated an organization’s hybrid environment.

Hear directly from the Silverfort team about the challenges they faced, including how to quickly and efficiently (and as automatically as possible) achieve the following response objectives:

  • Immediately put “roadblocks” in place to protect against further lateral movement from that point forward
  • Locate compromised user accounts, with particular attention to service accounts (a favorite target of Scattered Spider)
  • Eradicate the potential malicious presence from the organization’s identity infrastructure (again – a favored and publicly documented Scattered Spider technique)

Additionally, you’ll gain insights into the steps to take in response, focusing on three dimensions of lateral movement:

  • User Accounts: We’ll review the policies and monitoring needed for service accounts, administrative users, and domain users
  • Identity Infrastructure: We’ll discuss limiting user access, disabling insecure authentication protocols, and further strengthening authentication requirements
  • Other machines joined to a domain: We will look at limiting machine-to-machine communication for user workstations by temporarily blocking insecure authentication protocols
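The bullets above name three things a responder wants to see quickly: service accounts behaving like people, accounts fanning out across many machines, and use of insecure authentication protocols. The following is an added example (not code from the webinar or from Silverfort) showing how those checks can be run over exported Windows logon events. It assumes each record is a dict with the fields shown; the records are constructed for this example. Event ID 4624 and its logon type codes are standard Windows semantics; the `svc_` naming prefix, the fan-out threshold and the rules themselves are this example’s own assumptions.

```python
"""Triage exported Windows logon events for lateral-movement indicators.

Added example, not from the webinar or Silverfort. Assumes records exported
from the Security log as dicts with the fields used below. Sample data is
constructed. Event ID 4624 (successful logon) and its logon types are real
Windows semantics; the rules and the "svc_" prefix are this example's own.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Logon types a non-interactive service account should not normally produce.
INTERACTIVE_LOGON_TYPES = {2, 10}   # 2 = Interactive (console), 10 = RemoteInteractive (RDP)
NETWORK_LOGON = 3                   # 3 = Network (SMB, WinRM, RPC ...)

# Constructed sample records, not real telemetry.
SAMPLE_EVENTS: List[Dict] = [
    # normal: service logon (type 5) on the host the service runs on
    {"event_id": 4624, "account": "svc_backup", "host": "FS01", "logon_type": 5, "package": "Kerberos"},
    # suspicious: a service account logging on over RDP with NTLM
    {"event_id": 4624, "account": "svc_backup", "host": "WS-104", "logon_type": 10, "package": "NTLM"},
    # suspicious: a service account reaching four different machines over the network
    {"event_id": 4624, "account": "svc_sql", "host": "DB01", "logon_type": 3, "package": "Kerberos"},
    {"event_id": 4624, "account": "svc_sql", "host": "WS-201", "logon_type": 3, "package": "Kerberos"},
    {"event_id": 4624, "account": "svc_sql", "host": "WS-202", "logon_type": 3, "package": "Kerberos"},
    {"event_id": 4624, "account": "svc_sql", "host": "WS-203", "logon_type": 3, "package": "Kerberos"},
    # normal: a human user at a console
    {"event_id": 4624, "account": "jdoe", "host": "WS-104", "logon_type": 2, "package": "Kerberos"},
    # failed logon (4625): not a successful logon, so ignored by the rules below
    {"event_id": 4625, "account": "svc_sql", "host": "DC01", "logon_type": 3, "package": "NTLM"},
]


def analyze(events: List[Dict], service_prefix: str = "svc_",
            fanout_threshold: int = 3) -> List[Tuple[str, str]]:
    """Return sorted (account, reason) findings for successful logons.

    Rules (assumptions of this example, tune to the environment):
      1. a service account with an interactive or RDP logon
      2. a service account with network logons to >= fanout_threshold hosts
      3. any account authenticating with NTLM (the insecure protocol
         the response plan looks to block)
    """
    findings: List[Tuple[str, str]] = []
    hosts_by_service: Dict[str, set] = defaultdict(set)
    ntlm_hosts: Dict[str, set] = defaultdict(set)

    for ev in events:
        if ev["event_id"] != 4624:          # only successful logons count here
            continue
        acct = ev["account"]
        if ev["package"].upper() == "NTLM":
            ntlm_hosts[acct].add(ev["host"])
        if not acct.lower().startswith(service_prefix):
            continue                        # remaining rules are service-account specific
        if ev["logon_type"] in INTERACTIVE_LOGON_TYPES:
            findings.append((acct, f"interactive logon (type {ev['logon_type']}) on {ev['host']}"))
        elif ev["logon_type"] == NETWORK_LOGON:
            hosts_by_service[acct].add(ev["host"])

    for acct, hosts in hosts_by_service.items():
        if len(hosts) >= fanout_threshold:
            findings.append((acct, f"network logons to {len(hosts)} distinct hosts"))
    for acct, hosts in ntlm_hosts.items():
        findings.append((acct, f"NTLM authentication on {len(hosts)} host(s)"))
    return sorted(findings)


def accounts_to_review(events: List[Dict], **kwargs) -> List[str]:
    """Distinct accounts that need credential reset / containment review."""
    return sorted({acct for acct, _ in analyze(events, **kwargs)})


if __name__ == "__main__":
    for acct, reason in analyze(SAMPLE_EVENTS):
        print(f"{acct:12s} {reason}")
    print("review:", accounts_to_review(SAMPLE_EVENTS))
```

The output is a short list of accounts with the reason each was flagged, which is the input a responder needs for the first two objectives above (put roadblocks in place, locate compromised accounts); rule 3 also surfaces where NTLM is still in use before it is blocked, so that legitimate dependencies are known rather than discovered by outage.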

We see them!

This article is contributed by one of our valued partners.