Under Attack

Do you suspect, or are you sure, that you are under a cyber-attack?

We strongly recommend that you do not panic and that you take no action until you have a clear picture of the attack. Any knee-jerk action may destroy key artefacts needed at a later stage, or increase the impact on your organization.

We at i6 have real-time, hands-on experience in handling multiple types of attack and containing them successfully. The following is an overall guideline to help you analyse the attack and have your answers ready when you contact our experts.

Don’t Panic

Any security incident can create panic. As the incident manager, you need to ensure there is no panic across the organization and that the situation is brought under control before any recovery steps are performed. Brief the required stakeholders about the incident and ensure the DR / BCP options are enabled so that business continues as usual before we move further with the investigation.

Note: When enabling DR / BCP, ensure that the evidence on the compromised systems is not tampered with by anyone, so that our security investigation can continue.

Facing any business impact?

If any of your business services are down due to the incident, look immediately for alternative solutions available within your organization. You need to ensure that none of your customers or services are impacted, since that in turn damages your organization's credibility.

How are you confirming it’s a security breach?

Do you have any visible evidence that adversaries compromised your environment? Has any of your organization's or your customers' PII / PCI / HIPAA data been disclosed publicly by attackers? Are you facing targeted attacks such as DoS / DDoS on your public services? Has ransomware or other malware been implanted on any of the servers or systems within your organization? Are you seeing abnormal traffic within your organization?

We need to establish what kind of attack you are facing before taking any further steps. Otherwise, the attack can escalate in intensity and do substantial damage to your organization. To avoid this, ensure the incident is evaluated on its merits.

Any Remedial Actions executed?

After re-confirming the incident, have you performed any remedial actions to contain the incident?

  • Shut down the impacted servers / services
  • Enabled the DR / BCP solutions for the impacted services
  • Removed the impacted system from its power supply
  • Isolated the impacted server physically or via EDR
  • Blocked the traffic in your firewall
  • Blocked the ports and network of the impacted system
  • Re-installed the operating system of the impacted machines / servers

Visible evidence observed?

Visible evidence confirms the criticality of the attack and means quick action is needed to avoid further impact; identifying such evidence is therefore highly important.

  • Are any of your websites / applications displaying a defacement logo left by hackers?
  • Have any of your websites / applications been pwned by hackers and left showing messages?
  • Have ransomware images been identified on any of your systems or servers?
  • Has malware activity been found on a number of systems?
  • Any email communications from attackers that substantiate the attack as evidence?