This year has been a challenging one for organizations that faced data breaches, intrusions and ransomware attacks at the hands of cyber criminals and nation-state attackers. Cybersecurity firm FireEye announced on Dec. 8, 2020, that an adversary targeted and gained unauthorized access to its Red Team tools — an important call to every company to remain vigilant and be prepared for a potential incident.

FireEye reported that the attack affected its networks and has released information to the industry and authorities. As part of its rapid response, the company has released countermeasures (posted to GitHub) that can help detect or block the use of its stolen Red Team tools.

This incident underscores that any organization can be targeted and attacked by a persistent and sophisticated adversary. In this case, FireEye notes the tactics used against it are “consistent with a nation-state cyber-espionage effort.”

Among the many incidents that plagued companies this past year, this one serves as a reminder of the need to prepare methodically for an incident before it occurs, including:

  • Have an incident response plan and an internal team in charge of incident identification and escalation.
  • Develop incident response plans according to risks and threats that apply to your organization, practice the plans and ensure key leaders know their roles.
  • Prepare and rehearse your cyber crisis management plan. If your executives, communications, legal, finance and marketing teams are meeting for the first time on how they would respond to an incident in the hours after one occurs, it is too late.
  • As needed, have an incident response firm on retainer, and know when to call for help, and who makes that decision, as quickly as possible.

IBM Security’s X-Force team will provide additional materials about the incident on X-Force Exchange. Please visit often or subscribe to receive email notifications to stay up to date. Please revisit this blog for additional updates as relevant.

If your organization requires immediate assistance with incident response, please contact IBM Security X-Force’s US hotline 1-888-241-9812 or Global hotline (+001) 312-212-8034. Learn more about X-Force’s threat intelligence and incident response services.
