Skip to the content

Follow us @UKAuthority

NCSC publishes guidance on responses to cyber attacks

02/09/20

Mark Say Managing Editor

The National Cyber Security Centre (NCSC) has joined up with organisations in the US, Canada, Australia and New Zealand in publishing guidance on helping organisations stay safe from malicious cyber actors.

Hodded figure at laptop

It has produced an advisory document, Technical Approaches to Uncovering and Remediating Malicious Activity, in conjunction with the US’s Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre, the New Zealand National Cyber Security Centre and CERT NZ, and the Canadian Communications Security Establishment.

It highlights technical approaches and includes mitigation steps based on best practice.

The key takeaways of the advice, focused on addressing potential incidents, begin with the need to collect and remove relevant artifacts, logs and data for further analysis, followed by implementing mitigation steps to avoid tipping off the adversary that their presence has been discovered.

There is then a need to consider support from a third party IT security body to provide subject matter expertise, ensure the actor is eradicated from the network, and avoid residual issues that could result in follow-up compromises once the incident is closed.

Technical approaches include an indicators of compromise search, frequency analysis, pattern analysis and anomaly detection.

Advice is also provided on common missteps such as mitigating affected systems before responded can protect and recover data, failing to preserve or collect log data, and communicating over the same network as the incident response is being conducted.

Global issue

NCSC director of operations Paul Chichester said: “Cyber security is a global issue that requires a collaborative international effort to protect our most critical assets.

“This advisory will help organisations understand how to investigate cyber incidents and protect themselves online, and we would urge them to follow the guidance carefully.

“Working closely with our allies, and with the help of organisations and the wider public, we will continue to strengthen our defences to make us the hardest possible target for our adversaries.”

Image from iStock

Register: Library & Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.