Security Incident Report
Incident Report #: 1
Reported Date and Time: December 26, 2023
Site Location:
Jones & Bartlett Lab 9, on remote connection to TargetWindows02.
Identification (Type and how Detected):
I was tasked with using AVG Business Security on the remote connection, where I then enabled the Computer File Shield and the Web & Email Web Shield protections. After enabling those, I was prompted to run a Deep Scan. This deep scan showed multiple files that were malicious.
Virus Scan Detected:
The scan showed that there were multiple malicious files on the device: Keylogger and Avalanche (Achtung.exe).
Triage (Impact):
It seems to have only affected this device (TargetWindows02).
Containment (Steps Taken):
After the deep scan, it placed all malicious files into a quarantine zone.
Investigation (Cause):
Prompted by our given lab this week.
Recovery and Repair (Resolution):
I used the AVG Business Security anti-malware program to quarantine all malware found on the device, where it then took care of the files found.
Lessons Learned (Debriefing and Feedback):
I learned how to do a Security Incident Report.