by wepple
2595 days ago
I’ve done a few small IR jobs in my time, and also have a hobby of reading every breach report that comes out. It seems the vast majority of breach discovery amongst typical companies is an engineer going “hrmm that’s odd”: a router at 100% CPU because it’s currently part of a DDoS attack. A DBA noticing a huge query they don’t recall running. Unusual login times for administrative accounts. Having email systems sinkholed for sending spam. And of course “all my files are encrypted?”