TRU Positives: Weekly investigation summaries and recommendations from eSentire’s Threat Response Unit (TRU)
DOUBLEDROP Global Phishing Campaign
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.
Our Security Operations Centers are supported with Threat Intelligence, Tactical Threat Response and Advanced Threat Analytics driven by our Threat Response Unit – the TRU team.
In TRU Positives, eSentire’s Threat Response Unit (TRU) provides a summary of a recent threat investigation. We outline how we responded to the confirmed threat and what recommendations we have going forward.
Here’s the latest from our TRU Team…
What did we find?
A newly identified phishing campaign attempting to deploy fileless malware on a victim workstation, part of a larger global campaign
The artifact is identified as DOUBLEDROP and is attributed to UNC2529
This is part of a larger, evolving campaign by an experienced, well-resourced adversary
External research reports place the start of this latest wave of the group's activity at 4-May-2021
Attempted execution of a fileless malware payload stored in the Windows registry
How did we find it?
Our Machine Learning PowerShell classifier detected an attempt to save a malicious payload in the Windows registry
Our 24/7 SOC was alerted and investigated
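The detection described above, as an added example that is not eSentire's classifier: a simple heuristic scan of PowerShell script-block log entries that flags a registry write whose value is a long, high-entropy base64-looking string, the shape a payload staged in the registry for fileless execution takes. The log entries and the encoded blob are constructed for the example; the cmdlet names and reg.exe syntax are real.

```python
import base64
import math
import re

# Constructed stand-in for an encoded payload: base64 of a byte ramp (not malware).
FAKE_BLOB = base64.b64encode(bytes(range(256)) * 4).decode()

# Constructed PowerShell script-block log entries (Event ID 4104 style), as
# (record id, script text). Records 2 and 4 write a long high-entropy value.
SAMPLE_SCRIPT_BLOCKS = [
    (1, "Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name ProductName"),
    (2, f"Set-ItemProperty -Path 'HKCU:\\Software\\Classes\\ExampleKey' -Name 'Data' -Value '{FAKE_BLOB}'"),
    (3, "New-ItemProperty -Path 'HKCU:\\Software\\Contoso' -Name 'Version' -Value '2.1.0'"),
    (4, f"reg add HKCU\\Software\\Contoso /v Stage /t REG_SZ /d {FAKE_BLOB} /f"),
    (5, "Set-ItemProperty -Path 'HKCU:\\Software\\Contoso' -Name 'Pad' -Value '" + "A" * 600 + "'"),
]

# Registry-write verbs: the PowerShell cmdlets and reg.exe add.
REG_WRITE_RE = re.compile(r"\b(Set-ItemProperty|New-ItemProperty|reg(?:\.exe)?\s+add)\b", re.IGNORECASE)
# The value argument, captured only if it is a long run of base64-alphabet characters.
VALUE_RE = re.compile(r"(?:-Value|/d)\s+['\"]?([A-Za-z0-9+/=]{200,})", re.IGNORECASE)


def shannon_entropy(text):
    """Bits per character; ~6.0 is the ceiling for base64, ~4.3 is typical English prose."""
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def flag_registry_payload_writes(script_blocks, min_entropy=5.0):
    """Return the records that write a long, high-entropy value into the registry."""
    hits = []
    for record_id, text in script_blocks:
        if not REG_WRITE_RE.search(text):
            continue                      # not a registry write at all
        match = VALUE_RE.search(text)
        if not match:
            continue                      # short or non-base64-looking value
        value = match.group(1)
        entropy = shannon_entropy(value)
        if entropy >= min_entropy:        # separates encoded data from padding/repetition
            hits.append({"record": record_id, "length": len(value), "entropy": round(entropy, 2)})
    return hits


if __name__ == "__main__":
    for hit in flag_registry_payload_writes(SAMPLE_SCRIPT_BLOCKS):
        print(f"record {hit['record']}: {hit['length']}-char value, entropy {hit['entropy']}")
```

Record 5 shows why the entropy check matters: a long but repetitive value is not flagged, while the same length of encoded data is.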
What did we do?
Investigated and confirmed the activity is malicious
Isolated the host to contain this incident in accordance with the business’ policies
Provided remediation recommendations and support
Traced this activity back to a global phishing campaign
What can you learn from this TRU positive?
Phishing is a significant risk to organizations of all types and sizes in every geography:
Phishing campaigns are a continual, potent threat.
Whether opportunistically or as a chosen victim, you will be a target
Threat Actors are evolving their capabilities to create compelling, custom phishing lures that convince targets to fall for their attacks
Threat Actors employing phishing techniques are continually improving their technical prowess, adapting their payloads to bypass defenses and launch devastating attacks
Stopping modern phishing attacks requires layered defenses:
Deploy email filtering and protection
Protect endpoints against malware using managed endpoint detection and response support
Ensure regular security assessments, testing and user training across your organization
Consider how to improve your security at scale. For example, at eSentire we amplify detection learnings across our global customer base with eSentire Atlas Security Network Effects, hardening your defenses automatically
We include relevant signatures, IOCs and IPs as part of the 400+ indicators we add to the 12,000+ indicators recognized across our eSentire Atlas XDR platform every day
Recognize that phishing defenses won't stop every attack. Preventing phishing attacks needs to be incorporated into a larger security strategy. Ask yourself how you are incorporating the following into your security program:
Backup, recovery, and test procedures
Multi-Factor Authentication
Security Awareness Training
Disaster recovery and business continuity planning
Digital Forensics and Incident Response
If you’re not currently engaged with a Managed Detection and Response provider, we highly recommend you partner with us for security services in order to disrupt threats before they impact your business.
eSentire Threat Intel
Threat Intelligence Research Group