Palo Alto Networks Blog, September 27, 2024
Unit 42 Incident Response Retainers Enhance Organizational Resilience

 

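The speed, scale and sophistication of cyberattacks have continued to rise over the past year. Unit 42's Q4 2024 incident response report highlights this trend. We are seeing the threat landscape change faster than most organizations can respond. In response to the changing threat landscape, Unit 42 has launched a no-cost rapid incident response service designed to help enterprises respond quickly to cyberattacks and improve their long-term security posture.

❤️‍🔥 Increasing attack speed and scale: In 2023, about 45% of attackers exfiltrated data less than 24 hours after compromise, which means organizations must react within hours to stop them. The share of attackers exploiting internet-facing vulnerabilities rose to 39%, making it the leading initial access vector in incident response cases. This is linked to several large automated intrusion campaigns that swept the internet in 2023.

🛡️ Attackers are more organized and professional: Attackers are better organized, with specialized teams for different parts of an attack. They better understand how to use IT, cloud and security tools as attack weapons. They are more efficient, using processes and playbooks to reach their goals quickly.

🤝 Unit 42's advantage: Unit 42 provides unparalleled insight into the latest attack trends and tactics, along with extensive experience countering them. Backed by extensive telemetry data from more than 80,000 Palo Alto Networks enterprise customers worldwide and one of the industry's largest threat intelligence databases, our team has broader telemetry than any other cybersecurity company.

🚀 Unit 42's rapid incident response service: Unit 42's incident response team is recognized as one of the best in the industry, handling more than 1,000 cybersecurity incidents each year. Unit 42 was named a leader in The Forrester Wave for cybersecurity incident response and is known for its speed, precision and effectiveness in containing and mitigating incidents.

🧠 Harnessing the power of Palo Alto Networks and Precision AI: Leveraging the advanced capabilities of the Palo Alto Networks product platforms, backed by Precision AI, we are able to provide automation and insight that keep us and our customers ahead of attackers every time. This combination of human expertise and AI-driven technology ensures a comprehensive, proactive approach to cybersecurity.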

Cyberattacks have increased in speed, scale and sophistication in the past year, as is highlighted in our 2024 Unit 42 Incident Response Report. We have continued to see the threat landscape evolve faster than most organizations can keep pace:

To illustrate how these dynamics play out in real-world scenarios, let’s examine two Unit 42 incident response cases that provide valuable insights into how today’s adversaries operate and the strategies that are needed to defend against them effectively.

Speed & Scale

In just 13 hours, a telecom provider was devastated by a fast-moving ransomware attack that encrypted files across tens of thousands of systems, exfiltrated sensitive data, and brought half of their business operations to a standstill. The client urgently engaged Unit 42 to contain the attack, prevent further data exfiltration, and help restore their operations. Within 2 hours of being called, Unit 42 began assessing the situation, quickly uncovering that the Black Basta ransomware had been deployed via a phishing email, leading to widespread unauthorized access.

Given the speed of the attack, rapid deployment of Cortex XDR across the impacted environment within 96 hours was critical to containing the threat, allowing Unit 42’s Managed Detection and Response team to begin 24/7 monitoring and threat hunting. As part of their response, Unit 42 negotiated an 80% reduction from the initial ransom demand and successfully implemented the decryption keys to recover encrypted data. Further investigation revealed gaps in network segmentation, credential control, endpoint security and security visibility. To mitigate future risks, Unit 42 deployed additional firewalls and access control technologies, reinforcing the client's defenses against the speed and agility of evolving threat actors.

Sophistication

During a recent engagement, Unit 42 responded to a sophisticated cyberattack orchestrated by the threat actor Muddled Libra. Over one week, the client endured five targeted attacks that showcased the adversary’s ability to adapt and exploit new pathways, even leveraging the client’s own security tools for lateral movement and further compromise.

Unit 42 was swiftly brought in to investigate and respond, focusing on a holistic security approach that included containment and remediation. Drawing on deep knowledge of Muddled Libra’s tactics, Unit 42 conducted a comprehensive assessment to identify unauthorized access and determine the full scope and impact of the attacks. The team advised the client on immediate actions, including securing compromised accounts, isolating affected systems, reconstructing Active Directory, changing passwords and hardening firewalls.

With the priority of restoring systems to a secure state, Unit 42 applied patches and reinforced network defenses. This collaboration not only mitigated the immediate threat but also helped the client enhance their long-term security posture through improved practices, awareness training and regular security assessments.

What It Means to Have Unit 42 on Retainer

In today’s rapidly evolving threat landscape, organizations need more than just a reactive response strategy. They need a partner who can proactively identify vulnerabilities and provide a quick, strategic response when incidents occur. This is where Unit 42 comes in. By having Unit 42 on retainer, organizations gain access to a wealth of expertise and resources that go beyond simply returning to normal operations; they gain a partner dedicated to transforming their security posture for the long term.

Unmatched Visibility and Expertise

Unit 42 delivers unparalleled visibility into the latest attack trends and tactics, combined with deep expertise in countering them. Backed by extensive telemetry data from more than 80,000 Palo Alto Networks enterprise customers worldwide and one of the industry’s largest threat intelligence databases, our team has access to broader telemetry than any other cybersecurity company.

Industry-Leading Incident Response

Our incident response team is recognized as one of the best in the industry, handling more than 1,000 cybersecurity engagements annually. Named a leader in The Forrester Wave for Cybersecurity Incident Response, Unit 42 is known for its speed, precision and effectiveness in containing and mitigating incidents. But we don’t just stop there. Our approach also focuses on helping organizations build resilience by transforming their security strategies and operations post incident.

The Power of Palo Alto Networks and Precision AI

Leveraging the advanced capabilities of Palo Alto Networks product platforms, powered by Precision AI, we bring a level of automation and insight that keeps us, and our clients, steps ahead of threat actors every time. This combination of human expertise and AI-driven technology ensures a comprehensive, proactive approach to cybersecurity.

Exclusive Offer for Palo Alto Networks Customers

Recognizing the growing need for rapid, expert intervention in today’s threat environment, Unit 42 is pleased to offer our no-cost Unit 42 Rapid Incident Response Retainer program, exclusively to qualified Palo Alto Networks customers. This retainer ensures that when every second counts, you have a trusted partner ready to jump into action, minimizing impact and helping you recover with confidence.

Having Unit 42 on retainer means more than just access to top-tier incident response; it means having a partner committed to your organization’s security success. Don’t just react to threats, stay ahead of them with Unit 42.

The No-Cost Unit 42 Rapid IR Retainer

For qualified Palo Alto Networks customers, the Unit 42 Rapid Incident Response Retainer offers a suite of benefits:

Contact your Palo Alto Networks account manager to put Unit 42 on speed dial. If you believe you are under attack, contact Unit 42 directly.

The post Unit 42 Incident Response Retainers Enhance Organizational Resilience appeared first on Palo Alto Networks Blog.
