<div class="block-paragraph_advanced"><p>Written by: Matthew McWhirt, Bhavesh Dhake, Emilio Oropeza, Gautam Krishnan, Stuart Carrera, Greg Blaum, Michael Rudden</p> <hr/></div> <div class="block-paragraph_advanced"><p><em>UPDATE (March 13): <span style="vertical-align: baseline;">Added guidance around abuse or misuse of endpoint / MDM platforms</span>.</em></p> <h3><span style="vertical-align: baseline;">Background</span></h3> <p><span style="vertical-align: baseline;">Threat actors leverage destructive malware to destroy data, eliminate evidence of malicious activity, or manipulate systems in a way that renders them inoperable. Destructive cyberattacks can be a powerful means to achieve strategic or tactical objectives; however, the risk of reprisal is likely to limit the frequency of use to very select incidents. Destructive cyberattacks can include destructive malware, wipers, or modified ransomware.</span></p> <p><span style="vertical-align: baseline;"><span style="vertical-align: baseline;">When conflict erupts, cyber attacks are an inexpensive and easily deployable weapon. It should come as no surprise that instability leads to increases in attacks. </span>This blog post provides proactive recommendations for organizations to prioritize for protecting against a destructive attack within an environment. The recommendations include practical and scalable methods that can help protect organizations from not only destructive attacks, but potential incidents where a threat actor is attempting to perform reconnaissance, escalate privileges, laterally move, maintain access, and achieve their mission. </span></p> <p><span style="vertical-align: baseline;">The detection opportunities outlined in this blog post are meant to act as supplementary monitoring to existing security tools. Organizations should leverage endpoint and network security tools as additional preventative and detective measures. These tools use a broad spectrum of detective capabilities, including sig

Read Full Article at Mandiant Blog →