Table of Contents

Blue Team Operations [Part 2]: How To Investigate Malware Incidents as a SOC Analyst


Introduction

Malware incidents are the most common, and at the same time the most dangerous, cyber security incidents in any organization. This part discusses how a SOC analyst investigates a malware incident in a real-world corporate environment, along with a relevant example.

Before discussing malware incidents in detail, we first need to understand what malware is. According to Norton, "Malware is an abbreviated form of 'malicious software.' Malware is software that is specifically designed to gain access to or damage a computer, usually without the knowledge of the owner. There are various types of malware, including spyware, ransomware, viruses, worms, Trojan horses, adware, or any type of malicious code that infiltrates a computer." When the SOC team is notified about a malicious process, or when it identifies a suspicious application on its own, the event is treated as a malware incident. Upon identifying a malware incident, the SOC team starts a malware analysis or malware investigation to establish the details of the infection: what the malware is, how it arrived, and what it did. Malware incidents and their investigation mostly fall under host security.

Source

infosecwriteups.com/blue-team-operations-part-2-how-to-investigate-malware-incidents-as-a-soc-analyst-7e98c387cd11