Learning From Incident Response: April – June 2022

Insights from the cyber trenches

What you’ll learn:

• Most frequently observed Initial Access Vectors
• Commonly observed incident types — that aren’t ransomware
• Most frequently exploited vulnerabilities and how the compromise of an MSP led to ALPHV ransomware
• Top recommendations provided to affected organizations in Q2

The Secureworks® Incident Response (IR) team plays a critical role in supporting organizations impacted by a security incident. This report from the Secureworks Counter Threat Unit™ (CTU) research team reviews key observations from over 100 IR engagements conducted in the second quarter of 2022.

Knowledge about threat actor behaviors can enable organizations to enhance best practices, make risk management decisions, and prioritize resource allocation.