Cyberattacks have increased in speed, scale and sophistication in the past year, as is highlighted in our 2024 Unit 42 Incident Response Report. We have continued to see the threat landscape evolve faster than most organizations can keep pace:
In about 45% of our cases in 2023, attackers exfiltrated data in less than 24 hours after compromise. This means that organizations must respond within hours to stop them.
Exploitation of internet-facing vulnerabilities increased to 39% and became the top initial access vector in our incident response cases. This jump is related to several large, automated intrusion campaigns that swept across the internet in 2023.
Attackers are more organized, with specialized teams for different parts of the attack. They’re more knowledgeable and able to use IT, cloud and security tools as weapons of offense. And they’re more efficient, using processes and playbooks to quickly achieve their goals.
To illustrate how these dynamics play out in real-world scenarios, let’s examine two Unit 42 incident response cases that provide valuable insights into how today’s adversaries operate and the strategies that are needed to defend against them effectively.
Speed & Scale
In just 13 hours, a telecom provider was devastated by a fast-moving ransomware attack that encrypted files across tens of thousands of systems, exfiltrated sensitive data, and brought half of their business operations to a standstill. The client urgently engaged Unit 42 to contain the attack, prevent further data exfiltration, and help restore their operations. Within 2 hours of being called, Unit 42 began assessing the situation, quickly uncovering that the Black Basta ransomware had been deployed via a phishing email, leading to widespread unauthorized access.
Given the speed of the attack, rapid deployment of Cortex XDR across the impacted environment within 96 hours was critical to containing the threat, allowing Unit 42’s Managed Detection and Response team to begin 24/7 monitoring and threat hunting. As part of their response, Unit 42 negotiated an 80% reduction from the initial ransom demand and successfully implemented the decryption keys to recover encrypted data. Further investigation revealed gaps in network segmentation, credential control, endpoint security and security visibility. To mitigate future risks, Unit 42 deployed additional firewalls and access control technologies, reinforcing the client’s defenses against the speed and agility of evolving threat actors.
Sophistication
During a recent engagement, Unit 42 responded to a sophisticated cyberattack orchestrated by the threat actor Muddled Libra. Over one week, the client endured five targeted attacks that showcased the adversary’s ability to adapt and exploit new pathways, even leveraging the client’s own security tools for lateral movement and further compromise.
Unit 42 was swiftly brought in to investigate and respond, focusing on a holistic security approach that included containment and remediation. Drawing on deep knowledge of Muddled Libra’s tactics, Unit 42 conducted a comprehensive assessment to identify unauthorized access and determine the full scope and impact of the attacks. The team advised the client on immediate actions, including securing compromised accounts, isolating affected systems, reconstructing Active Directory, changing passwords and hardening firewalls.
With the priority of restoring systems to a secure state, Unit 42 applied patches and reinforced network defenses. This collaboration not only mitigated the immediate threat but also helped the client enhance their long-term security posture through improved practices, awareness training and regular security assessments.
What It Means to Have Unit 42 on Retainer
In today’s rapidly evolving threat landscape, organizations need more than just a reactive response strategy. They need a partner who can proactively identify vulnerabilities and provide a quick, strategic response when incidents occur. This is where Unit 42 comes in. By having Unit 42 on retainer, organizations gain access to a wealth of expertise and resources that go beyond simply returning to normal operations; they gain a partner dedicated to transforming their security posture for the long term.
Unmatched Visibility and Expertise
Unit 42 delivers unparalleled visibility into the latest attack trends and tactics, combined with deep expertise in countering them. Backed by extensive telemetry data from more than 80,000 Palo Alto Networks enterprise customers worldwide and one of the industry’s largest threat intelligence databases, our team has access to broader telemetry than any other cybersecurity company.
Industry-Leading Incident Response
Our incident response team is recognized as one of the best in the industry, handling more than 1,000 cybersecurity engagements annually. Named a leader in The Forrester Wave for Cybersecurity Incident Response, Unit 42 is known for its speed, precision and effectiveness in containing and mitigating incidents. But we don’t just stop there. Our approach also focuses on helping organizations build resilience by transforming their security strategies and operations post incident.
The Power of Palo Alto Networks and Precision AI
Leveraging the advanced capabilities of Palo Alto Networks product platforms, powered by Precision AI, we bring a level of automation and insight that keeps us, and our clients, steps ahead of threat actors every time. This combination of human expertise and AI-driven technology ensures a comprehensive, proactive approach to cybersecurity.
Exclusive Offer for Palo Alto Networks Customers
Recognizing the growing need for rapid, expert intervention in today’s threat environment, Unit 42 is pleased to offer our no-cost Unit 42 Rapid Incident Response Retainer program, exclusively to qualified Palo Alto Networks customers. This retainer ensures that when every second counts, you have a trusted partner ready to jump into action, minimizing impact and helping you recover with confidence.
Having Unit 42 on retainer means more than just access to top-tier incident response; it means having a partner committed to your organization’s security success. Don’t just react to threats, stay ahead of them with Unit 42.
The No-Cost Unit 42 Rapid IR Retainer
For qualified Palo Alto Networks customers, the Unit 42 Rapid Incident Response Retainer offers a suite of benefits:
The initial 250 hours of Unit 42 Incident Response services
A 2-hour response time SLA for incident response
24/7/365 access to the Unit 42 Incident Response team
Expertise in threat intelligence from Unit 42
Contact your Palo Alto Networks account manager to put Unit 42 on speed dial. If you believe you are under attack, contact Unit 42 directly.
The post Unit 42 Incident Response Retainers Enhance Organizational Resilience appeared first on Palo Alto Networks Blog.
Article Link: Unit 42 Incident Response Retainers Enhance Organizational Resilience
1 post – 1 participant
Cyberattacks have increased in speed, scale and sophistication in the past year, as is highlighted in our 2024 Unit 42 Incident Response Report. We have continued to see the threat landscape evolve faster than most organizations can keep pace:
In about 45% of our cases in 2023, attackers exfiltrated data in less than 24 hours after compromise. This means that organizations must respond within hours to stop them.
Exploitation of internet-facing vulnerabilities increased to 39% and became the top initial access vector in our incident response cases. This jump is related to several large, automated intrusion campaigns that swept across the internet in 2023.
Attackers are more organized, with specialized teams for different parts of the attack. They’re more knowledgeable and able to use IT, cloud and security tools as weapons of offense. And they’re more efficient, using processes and playbooks to quickly achieve their goals.
To illustrate how these dynamics play out in real-world scenarios, let’s examine two Unit 42 incident response cases that provide valuable insights into how today’s adversaries operate and the strategies that are needed to defend against them effectively.
Speed & Scale
In just 13 hours, a telecom provider was devastated by a fast-moving ransomware attack that encrypted files across tens of thousands of systems, exfiltrated sensitive data, and brought half of their business operations to a standstill. The client urgently engaged Unit 42 to contain the attack, prevent further data exfiltration, and help restore their operations. Within 2 hours of being called, Unit 42 began assessing the situation, quickly uncovering that the Black Basta ransomware had been deployed via a phishing email, leading to widespread unauthorized access.
Given the speed of the attack, rapid deployment of Cortex XDR across the impacted environment within 96 hours was critical to containing the threat, allowing Unit 42’s Managed Detection and Response team to begin 24/7 monitoring and threat hunting. As part of their response, Unit 42 negotiated an 80% reduction from the initial ransom demand and successfully implemented the decryption keys to recover encrypted data. Further investigation revealed gaps in network segmentation, credential control, endpoint security and security visibility. To mitigate future risks, Unit 42 deployed additional firewalls and access control technologies, reinforcing the client’s defenses against the speed and agility of evolving threat actors.
Sophistication
During a recent engagement, Unit 42 responded to a sophisticated cyberattack orchestrated by the threat actor Muddled Libra. Over one week, the client endured five targeted attacks that showcased the adversary’s ability to adapt and exploit new pathways, even leveraging the client’s own security tools for lateral movement and further compromise.
Unit 42 was swiftly brought in to investigate and respond, focusing on a holistic security approach that included containment and remediation. Drawing on deep knowledge of Muddled Libra’s tactics, Unit 42 conducted a comprehensive assessment to identify unauthorized access and determine the full scope and impact of the attacks. The team advised the client on immediate actions, including securing compromised accounts, isolating affected systems, reconstructing Active Directory, changing passwords and hardening firewalls.
With the priority of restoring systems to a secure state, Unit 42 applied patches and reinforced network defenses. This collaboration not only mitigated the immediate threat but also helped the client enhance their long-term security posture through improved practices, awareness training and regular security assessments.
What It Means to Have Unit 42 on Retainer
In today’s rapidly evolving threat landscape, organizations need more than just a reactive response strategy. They need a partner who can proactively identify vulnerabilities and provide a quick, strategic response when incidents occur. This is where Unit 42 comes in. By having Unit 42 on retainer, organizations gain access to a wealth of expertise and resources that go beyond simply returning to normal operations; they gain a partner dedicated to transforming their security posture for the long term.
Unmatched Visibility and Expertise
Unit 42 delivers unparalleled visibility into the latest attack trends and tactics, combined with deep expertise in countering them. Backed by extensive telemetry data from more than 80,000 Palo Alto Networks enterprise customers worldwide and one of the industry’s largest threat intelligence databases, our team has access to broader telemetry than any other cybersecurity company.
Industry-Leading Incident Response
Our incident response team is recognized as one of the best in the industry, handling more than 1,000 cybersecurity engagements annually. Named a leader in The Forrester Wave for Cybersecurity Incident Response, Unit 42 is known for its speed, precision and effectiveness in containing and mitigating incidents. But we don’t just stop there. Our approach also focuses on helping organizations build resilience by transforming their security strategies and operations post incident.
The Power of Palo Alto Networks and Precision AI
Leveraging the advanced capabilities of Palo Alto Networks product platforms, powered by Precision AI, we bring a level of automation and insight that keeps us, and our clients, steps ahead of threat actors every time. This combination of human expertise and AI-driven technology ensures a comprehensive, proactive approach to cybersecurity.
Exclusive Offer for Palo Alto Networks Customers
Recognizing the growing need for rapid, expert intervention in today’s threat environment, Unit 42 is pleased to offer our no-cost Unit 42 Rapid Incident Response Retainer program, exclusively to qualified Palo Alto Networks customers. This retainer ensures that when every second counts, you have a trusted partner ready to jump into action, minimizing impact and helping you recover with confidence.
Having Unit 42 on retainer means more than just access to top-tier incident response; it means having a partner committed to your organization’s security success. Don’t just react to threats, stay ahead of them with Unit 42.
The No-Cost Unit 42 Rapid IR Retainer
For qualified Palo Alto Networks customers, the Unit 42 Rapid Incident Response Retainer offers a suite of benefits:
The initial 250 hours of Unit 42 Incident Response services
A 2-hour response time SLA for incident response
24/7/365 access to the Unit 42 Incident Response team
Expertise in threat intelligence from Unit 42
Contact your Palo Alto Networks account manager to put Unit 42 on speed dial. If you believe you are under attack, contact Unit 42 directly.
The post Unit 42 Incident Response Retainers Enhance Organizational Resilience appeared first on Palo Alto Networks Blog.
Article Link: Unit 42 Incident Response Retainers Enhance Organizational Resilience
1 post – 1 participant
Read full topic