LoughTec Security Operations Centre Stops Cyber Attack on Agricultural Organisation
The Challenge
The UK-based Agricultural Organisation was the victim of a ProxyShell exploit on its email server. ProxyShell is the name of an attack that chains three email server vulnerabilities to achieve unauthenticated remote code execution. The client was in the middle of a migration to a cloud email server, so it was important to contain the malicious processes and stop the exploit from continuing to function.
"Had the SOC not been involved, it is impossible to tell how much of the company’s data would have been at risk. While both anti-virus and anti-malware solutions are useful in providing protection against known viruses and malware, they simply cannot thwart dedicated criminals leveraging newer attack methods such as ransomware and zero-day exploits."
The Outcome
The LoughTec Security Operations Centre (SOC) received an email from the customer about a Windows Defender alert on the email server. The SOC found a webshell and evidence of compromise on the machine in question. The customer was called and asked that the machine not be isolated. After identifying the exploit, the SOC recommended actions to finish cleaning up the server. The time between initial detection and response from the SOC was 0 minutes. The time between initial response and full resolution was less than one minute. The threat was stopped and prevented from moving laterally into other company systems.
Features
LoughTec’s Security Operations Centre provides 24/7/365 coverage so your organisation can focus on other priorities.
- Stopping lateral spread before it occurs
- Real-time detection and immediate response
- Network visualisation, tradecraft detection and endpoint security in one
- Quick and easy deployment