Reliance acsn recently responded to a P1-level event for a customer where the CEO had clicked on a phishing link and downloaded a file. Fortunately, the user didn’t input the requested credentials and informed their security team once the mistake was realised. The HTML file contained a script designed to ingest the user’s credentials and distribute them to a Command and Control (C2) server.
Reliance acsn use a range of different, integrated technologies to protect our customers and deliver outcome-based solutions which are tailored to the individual IT estate and corporate goals.
In this instance, our dedicated analysts used two technologies, Cynet and Recorded Future, to respond to the incident. Cynet detected the download, and Recorded Future allowed us to undertake an automated malware analysis within 5 minutes and authoritatively inform the customer of the likelihood of the CEO’s credentials being exposed anywhere on the public web.
Through our integration of the LogRhythm platform with the customer’s environment, we could quickly confirm or deny whether any communication with the target C2 server had taken place.
Following our investigation, we hardened Cynet’s auto-remediation on the associated servers. All of our customers were able to benefit immediately from the updated threat intelligence provided by this attack and our response.
A report containing the output from our investigation and remediation was with the client within 90 minutes of notification.
Reliance acsn’s flexible approach to using technologies that match our customers’ requirements, selected from our wide range of supported platforms, ensures each customer gets the right solution for them and their environment. Our solutions scale and change to meet our customers’ developing IT systems and priorities.