Incident Response report 2018
#1
Exclamation 
Quote:
[Image: incident-response-report-2018-1_.png]

Introduction

This report covers our team’s incident response practices for the year 2018. We have thoroughly analyzed all the service requests, customer conversations and incident response deliverables to provide you an overview in numbers. The report includes statistics on how companies reveal data breaches and compromises, the attack vectors most commonly used by adversaries, how long they remain inside a company’s infrastructure and much more. We also provide some high-level recommendations to improve resilience against such attacks.

The data used in this report comes from the wide range of incident investigation services provided by Kaspersky teams. The main digital forensic and incident response operations unit is called the Global Emergency Response Team (GERT) and includes experts in Europe, Latin America, North America, Russia and the Middle East. However, our operational coverage is much greater and that’s why our company focused many more resources on incident response and malware analysis activities. An example of this is the advanced targeted attack investigations by the Global Research and Analysis Team (GReAT).

Reasons for requesting incident response

More than half of the requests for investigation were initiated by customers after detecting an attack that had visible consequences, such as unauthorized money transfers, workstations encrypted by ransomware, service unavailability, etc. This indicates the need to improve attack detection methods and incident response procedures within a company to avoid financial losses and to minimize the impact of attacks on the company’s infrastructure.

It should be noted that in two out of three cases, investigation of incidents related to the detection of suspicious files or network activity revealed an actual attack on the customer’s infrastructure. In the other cases, suspicious activity was caused by unusual user actions or software behavior related to security misconfigurations.

The most common reason for customer requests was a ransomware attack. This category of attack is characterized by rapid development, difficulty of early detection, and contrastingly obvious consequences.

Experts from Kaspersky Anti-Malware Research Department ranked the most common types of ransomware which targeted organizations in 2018.
Continue Reading
Full PDF Report
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>