The brazen exploits of the Scattered Spider threat group in 2023 left a lasting impression on the turbulent cybersecurity landscape. One of the most significant ransomware attacks in recent memory resulted from their attacks on the nerve centers of significant financial and insurance institutions.
It can be difficult for organizations to prioritize the next steps that will affect the threat actor’s ability to maintain access to and control over a compromised network when they have no response strategy in place for such an attack.
The identity threats used by Scattered Spider and Silverfort’s threat research team worked closely together. In order to react to an active Scattered Spider attack, they even created a real-time response playbook. This webinar will examine the actual situation where they were required to create and carry out a response plan as attackers moved through the hybrid environment of an organization.
Hear directly from the Silverfort team about the difficulties they encountered, including how to accomplish the following response objectives as quickly, effectively, and as automatically as possible:
- To prevent further lateral movement from that point forward, place “roadblocks” right away.
- compromised Pinpoint user accounts, with a focus on service accounts ( a preferred Scattered Spider target ) in particular.
- ( Again, a helpful and well-documented Scattered Spider technique ) Remove any potential malicious presence from the organization’s identity infrastructure.
Additionally, you’ll learn more about the actions taken in response, concentrating on three lateral movement dimensions:
- User Accounts: We’ll examine the monitoring and policies required for administrators, domain users, and service accounts.
- Identity Infrastructure: We’ll talk about restricting user access, removing insecure authentication protocols, and strengthening authentication standards.
- Other Domain-Joined Machines- We’ll look at temporarily blocking insecure authentication protocols and limiting inter-machine communication for user workstations.
I’ll see you there.