The SOC Diaries – Tales of the Unexpected

Affordable Community SOC services for ‘around the clock’ Cyber Threat Protection and Prevention

Providing 24x7x365 advanced cyber protection to our customers means that we encounter a plethora of new and evolving cyber threats each and every day. Luckily, for our customers, our ‘always available’ SOC Teams are specialists in monitoring, detecting, investigating, and mitigating these potentially harmful threats before they can have a serious impact upon the security and continuity of our SOC Community.

To highlight these close calls, our expert SOC Analysts have been recording anonymised case summaries, which we are calling The SOC Diaries – Tales of the Unexpected.

The idea behind the SOC Diaries is to be able to showcase the often-banal ways in which potentially very serious cyber breaches can originate, whilst also detailing the rapid and professional ways in which our SOC Teams handle each scenario.

Find out more by reading the diary entries below, or click the button to join one of our upcoming SOC Diaries webinars.




High-risk data breach through exposed network backdoor at major multi-campus educational institution

KHIPU SOC identified a malicious PHP web shell being uploaded to one of the customer’s public-facing web servers, providing attackers with backdoor access to the environment. Our SOC Team worked alongside the customer to analyse the extent of the incident and remove all traces from the system. We also advised that web server vulnerability scans were necessary, as the web shell was found to have originated via an exploited WordPress weakness (XMLRPC). Risk levels were high: the web shell provided attackers with full remote access to the customer’s network.

SOC Timeline: Host isolation; removal of malicious files; consultancy for vulnerability scanning; protected external web infrastructure and internal network.


Human error leads to major vulnerability for global organisation

KHIPU SOC prevented malicious worm activity triggered by an infected USB drive, which had previously been used for printing at an internet and print cafe. Given the notoriously inadequate security protection on offer at these types of establishments, the use of removable data storage devices is a high-risk activity and thus was the most probable source of the infection.

SOC Timeline: Detection and isolation were fundamental; machine was reimaged; SOC performed reverse engineering to determine that the malware was related to the ‘Raspberry Robin Worm’ exploit.


Major cybersecurity breach impacting over 90% of the IT infrastructure at a multi-campus education institution

Needing urgent assistance, an educational institution reported a major cyber breach to its technology vendors, as its incumbent cyber security partner did not have the capabilities to react to and mitigate the situation. Having been referred to KHIPU, our SOC Team assessed the situation and determined that over 90% of the university’s virtual infrastructure was inaccessible: over 300 servers, backups and all related services had been taken offline, affecting 10,000 users.

SOC Timeline: Extended endpoint detection and response to provide holistic protection; deployed sandboxing and investigation tools to identify ransomware IP addresses; instigated a block on the firewall; added indicators of compromise (IOCs) to blocklists (including in poorly configured software, e.g. Windows Defender).



Upcoming ‘SOC Diaries’ Webinars…

We are always adding more ‘unexpected tales’ to our SOC Diaries series. Use the form to register and join us for the next instalment.

T: +44 (0)345 272 0900 (UK)
T: +27 (041)393 7608 (SA)
