Events like this month’s breaches have happened before and will happen again. The task for defenders not directly affected by the Uber and Rockstar attacks, writes Chester Wisniewski, is to learn by putting your own team into those companies’ shoes.
A look at how MDR turned a targeted attack into a non-event, in which no high-value credentials are compromised and several dozen employees are not tricked into letting a bad guy get boots on the ground.
After gaining access via RDP, all three threat actors encrypted files, in an investigation complicated by event log clearing and backups. 3 attackers, 2 weeks – 1 entry point.