Category: General

November 15, 2023

Ransomware response training and drills

Preparedness is key to handling a massive cyber attack. Below are steps that we believe will aid you to be confident and respond effectively. Our approach of using visually easy and simple Playbooks will aid in developing the strong muscle memory required while mitigating an attack. First, know whom to call. Please first ensure you are able to quickly mobilize all the help required and […]

November 13, 2023

Cyber Crisis Management Blueprints

The art of understanding what a crisis is and managing it is key. Enterprises need to have clear Blueprints and Frameworks established to respond to a crisis like a Ransomware attack:1. Incident Response Plans with defined roles and responsibilities2. Playbooks with the course of actions (CoA) to respond – both technical and management levels.3. A system to regularly conduct TableTops and drills – clear after-action […]

October 29, 2023

Cyber resiliency – Ransomware Response Bootcamp

FlexibleIR in association with DSCI and CERT India has created a unique Ransomware Rapid Response 2-day Bootcamp program. Tens of organisations are better prepared for a crisis!. Here we conduct drills and build Playbooks to ensure the organization is prepared technically and from the management perspective too. Key points on the BootCamp1. BYOP – Build your own visual playbooks for Rapid Response and compare them […]

March 30, 2022

Incident Response Playbook – Current Geo-Political Conflicts

A visually easy Incident Response Playbook to defend against cyber attacks related to current Geo-Political conflict – https://board.flexibleir.com/b/Pijsre9DwPMtSgBNY/templatenistv01 The current conflicts could increase the number of cyberattacks. Organizations could be directly targeted or be collateral victims in most cases.  GOAL: Every organization — large and small — must be prepared to respond to disruptive cyber activity. 

December 13, 2021

Log4j CVE-2021-44228 Incident response Playbook

If short on time directly jump to the playbooks section. It is key to follow new reports continuously as newer discoveries and developments are happening. Ensure to see article time stamps. Quick SANS video – https://www.youtube.com/watch?v=oC2PZB5D3Ys Playbook Mitigations Apply Patch Log4j versions upgraded to log4j-2.15.0-rc1. Test first on non-production systems. In case not able to apply the patch For version >=2.10: set log4j2.formatMsgNoLookups to true.  […]

September 2, 2021

Playbook for a Ransomware Attack

If under attack, quickly do the scoping and plan for containment. Download an Authoritative Write-Up (if available) for the Specific Ransomware Variant(s) Encountered. Harvest additional Indicators from the Report(s). Mobilize the team and remember to take as much help as possible. Ransomware operations will mostly have similar patterns of attack frameworks, tools, and techniques across victims. They will also have similar operations as other Ransomware […]

May 10, 2021

Software Supply chain attack Playbook

If short on time directly jump to the playbooks section. Here we talk about how a Supply chain attack can be mitigated in general. A specific use case will be the SolarWinds supply chain attack – Link and the log4j vulnerabilities – Link It is important for an organization to have a list of all the software the company uses, their licenses and versions Know […]

December 24, 2020

SolarWinds Sunburst Incident Response Playbook

If short on time directly jump to the playbooks section. It is key to follow new reports continuously as newer discoveries and developments are happening. Ensure to see article time stamps. https://us-cert.cisa.gov/ncas/alerts/aa20-352a https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html https://github.com/fireeye/sunburst_countermeasures Volexity blog – Link The SolarWinds supply chain attacks are sophisticated in execution, broad in scope, and incredibly potent in their effectiveness. “SUNBURST is the malware that was distributed through SolarWinds […]

November 13, 2020

Incident response Case Studies and lessons learnt on the ground

Case studies help a lot in understanding how other companies respond to a crisis situation. What is the learning our organisation can take from it? Can we do a table top exercise using this as a scenario? Our approach – Reuse as much operational knowledge gained by your peers who have already handled attacks. Most of them are kind enough to help you provided you […]

November 13, 2020

Make better ROI on your SOAR implementations – Document your process first – then selectively automate

First – We compliment a SOAR solution. Our approach is to first design all your playbooks on Kanban boards, know the tasks well, profile them and run them manually. Then selectively move to automation using your selected SOAR solution. Advantages Playbook development workflow Below is a proposed workflow of a Playbook as we have observed working with enterprises and critical infrastructure companies