Cybersecurity agencies of the nations in the “Five Eyes” intelligence alliance released a joint cybersecurity advisory to serve as a “playbook” for investigating incidents and highlight technical approaches to uncovering malicious activity. Director of the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs called the advisory “the first of its kind for CISA since our formal establishment in 2018.” The Australian Cyber Security Centre (ACSC), New Zealand’s National Cyber Security Centre (NCSC NZ) and Computer Emergency Response Team NZ (CERT NZ), Canada’s Communications Security Establishment, and the United Kingdom’s National Cyber Security Centre (NCSC UK) teamed up with CISA to release the 14-page document called “Technical Approaches to Uncovering and Remediating Malicious Activity.”

The advisory’s key takeaways for incident response, in short, are:
- “First, collect and remove for further analysis”;
- “Next, implement mitigation steps that avoid tipping off the adversary”; and
- “Finally, consider soliciting incident response support from a third-party IT security organization.”