April 24, 2020

Playbook for Maze Ransomware

You need to quickly contain the problem, considering which part of the kill chain your adversary is in. You need to contain and neutralize the impact of the incident, possibly by shutting down specific services/servers/segments.

April 12, 2020

Playbooks for video conferencing app attacks

With the rush for Working From Home, organizations are overwhelmed with employees using video conferencing technologies, from Slack, Skype and Discord to GoToMeeting, Zoom and Webex. What are your security teams supposed to do when incidents like Fairfax school strike? Do they have the basic steps and planned approach to handle the events? On this page we cover the top tips to analyze and mitigate/contain/remediate […]

April 6, 2020

Playbook for Phishing

If short on time, jump directly to the playbooks section. Summary: Any attempt to compromise a system and/or steal information by tricking a user into responding to a malicious message. The most common phishing attacks involve emails armed with malware hidden in attachments or links to infected websites, although phishing can be conducted via other methods such as voicemail, text messages, and social media, too. […]

September 10, 2024

Incident Response – Need for continuous fine tuned detection and logging

Most major cyber attacks have a lot of early warning signals coming in, so early detection helps a lot and gives time for incident response. Logs for Incident Response: https://www.first.org/resources/papers/conference2008/chuvakin-anton-slides.pdf Best practices for Event Logging. Benefits of continuous and aggressive monitoring of your Event Logging: Enhanced Visibility: Gain a deeper understanding of network activity and potential threats. Faster Incident Response: Early detection and quick response to security […]

August 25, 2024

LLM case studies to get Security Teams prepared

Enterprises are going to adopt a wide range of Generative AI use cases. Security teams need to understand them, and how they are built, so they can eventually protect them better. Here we are learning from the perspective of Incident Response to cyber attacks on the AI platforms. Case study 1 – A great CTI tool – Neutocti This project gives a great insight […]

August 25, 2024

Generative AI – LLM – For Enterprise and AI incidents

FlexibleIR is an AI Incident company. We help enterprises prepare to handle cyber attacks on their AI deployments. As part of the program, we ensure that enterprises have established strong AI governance. We provide Playbooks and TableTops to respond to malicious activity against AI systems and related data and services. These are most applicable to Enterprises deploying and operating externally developed AI systems on premises […]

April 8, 2024

Incident response Case Studies and lessons learnt on the ground

Case studies help a lot in understanding how other companies respond to a crisis situation. What is the learning our organisation can take from it? Can we do a table top exercise using this as a scenario? Our approach – Reuse as much operational knowledge gained by your peers who have already handled attacks. Most of them are kind enough to help you provided you […]

November 15, 2023

Ransomware response training and drills

Preparedness is key to handling a massive cyber attack. Below are steps that we believe will aid you to be confident and respond effectively. Our approach of using visually easy and simple Playbooks will aid in developing the strong muscle memory required while mitigating an attack. First, know whom to call. Please first ensure you are able to quickly mobilize all the help required and […]

November 13, 2023

Cyber Crisis Management Blueprints

The art of understanding what a crisis is and managing it is key. Enterprises need to have clear Blueprints and Frameworks established to respond to a crisis like a Ransomware attack: 1. Incident Response Plans with defined roles and responsibilities 2. Playbooks with the course of actions (CoA) to respond – both technical and management levels. 3. A system to regularly conduct TableTops and drills – clear after-action […]