Phishing Incident Response – Back to the Past, Present, and Recorded Future
Attackers like to boast about their accomplishments as well as announce their plans. They leave trails of evidence across the open web just waiting to be discovered, if you’re looking in the right places. Similarly, as events occur, researchers and those attacked begin to share information. Employees within our organizations are a primary target of attackers with well-crafted spear phishing emails and some of which may stem from over sharing or whatever is personally newsworthy. Indicators of compromise (IOCs) help security teams in their incident response process. Has this been seen before? When did it start? Are there any indicators that this attack will be used again? This is valuable information to help determine the validity of the attack and what may be next.