A posting from DarkReading, from its Security Monitoring section: The incident response specialist investigating a recent breach of a government services firm was convinced the attack he was investigating was the handiwork of a group of Chinese hackers. The type of malware he found was commonly associated with that group of attackers, so he concentrated his efforts on cleanup and analysis of the malware, ultimately missing the real danger: the attackers had abandoned the malware and had since commandeered the victim company's administrative tools.
It was a classic case of incident response tunnel vision that left the victim organization at the mercy of the attackers while the IR team was sidetracked. "Unfortunately, the analyst had tunnel vision and because of this didn't address outside the spectrum of these Chinese attackers they believed [the malware] represented," says Shane Shook, global vice president of consulting for Cylance, whose firm discovered the oversight after it was hired by the victim organization to perform a review of the attack investigation.
To read more, click here: