Learning from Incident Response: April - June 2024

Key Points:

• Many observed malware infections were linked to drive-by downloads and SEO poisoning. Preventing employees from visiting unauthorized websites can greatly reduce the risk of these infections.
• Phishing remains a popular initial access vector for cybercrime and state-sponsored attacks.
• Phishing kits can help threat actors conduct adversary-in-the-middle (AiTM) attacks to steal tokens and bypass multi-factor authentication (MFA).

The Secureworks Incident Response (IR) team plays a critical role in supporting organizations impacted by a security incident. This report from the Secureworks Counter Threat Unit™ (CTU™) research team reviews key observations from IR engagements conducted in the second quarter of 2024.

Knowledge about threat actor behaviors can enable organizations to enhance best practices, make risk management decisions, and prioritize resource allocation.