That a compromised mailbox is an extremely unpleasant situation is something everyone should be able to imagine. In a recent case we have investigated, attackers have been particularly clever.
In this article, we will look at artifacts that should always be collected during an incident on a Windows-based system to get the best possible picture of what happened.
In Active Directory, domains are used to emulate organizational structures; a domain is always an organizational unit with a unique name that contains, among other things, specific security policies and settings.
Having previously made a name for itself on the criminal scene by attacking major companies such as Quanta Computer and Invernergy, REvil's latest attack on software company Kaseya and its update service is believed to have affected several hundred companies worldwide.
In the event of an attack, companies should take appropriate countermeasures with professional help. The tool of choice here is Digital Forensics & Incident Response (DFIR).
Log management describes the centralized storage of event logs and the ability to search and analyze this data. The benefits of a solid log management solution are manifold and span different areas.