Part 1 - Before the Storm By: Matthew Otte Throughout their many years of practice, Soterians have advised for, participated in, and commanded a large assortment of cyber security incident responses (IRs) in the form of both exercises and real-world events. Though no two response efforts are exactly alike, Soteria has discovered a [...]
By: David S. MANAGE. DETECT. RESPOND. In any organization that uses computers to manage or operate their business, there is inherent risk of a cyber incident. The level of risk can vary based on the structure of systems, controls in place, the storage or transfer of sensitive information (e.g. financial, personal, health, or intellectual property), [...]
On December 13, 2020 FireEye released their research into the compromise of the SolarWinds Orion supply chain, resulting in the compromise of a significant number of organizations around the world. Recommendations for incident response have been published by multiple entities with intimate knowledge of the situation, including FireEye, Microsoft, and the United States Department [...]
Remote Desktop Protocol, known as RDP, is a service built into Microsoft Windows operating systems that allows a user to connect to a remote computer over the network. This capability makes remote access and management of computer resources easier, which leads to efficiencies for IT staff. Unfortunately, RDP is also commonly leveraged by criminals [...]
Lexico vs. Ransomware Soteria recently has received urgent incident response requests from clients who had been hit with ryuk, banta, and, phobos ransomware. One of these clients had several systems already in the process of being encrypted when security professionals discovered the outbreak. After initial meetings and contracts were signed, through our Lexico [...]
The Challenge of Detector Management Security operations and monitoring teams face a variety of challenges: the rapid evolution of adversarial tradecraft, poor detector documentation, lack of detector version control, poor detection methodology, lack of testing procedures, and change control processes that are slow and time consuming. These issues plague security teams of all [...]
