Blog — Oct 09, 2018

Highlights of the Q2 2018 threat intelligence report

The Second Quarter Threat Intelligence report offers an expansive overview of the threat landscape for Q2 2018. The content and analysis for this report are built on intelligence gathered from 2,000+ proprietary network and host-based detection sensors. This blog post highlights some of the most interesting and important findings; to learn more, read the full report.

Key Findings List

Industry Trends

During Q2, the eSentire SOC alerted clients on approximately 57,000 malicious events. By normalizing each industry's alert count against the number of sensors deployed in that industry, it is possible to see which industries are affected most frequently. In the second quarter of 2018, biotechnology and accounting services were by far the two most frequently alerted-on industries out of the 22 client industries monitored by eSentire.

Exploit Campaigns

A variety of exploit campaigns were discovered and monitored over the Q2 period. By grouping attacking IP addresses according to the unique set of exploits each one used over a time period, it is possible to correlate them into campaigns. The most notable campaigns targeted WebLogic and IIS, IIS, and GPON routers. An interesting aspect of these campaigns is that in many cases the attacking infrastructure appears to consist of compromised servers, likely compromised by the same exploits they are now being used to launch. It is unlikely that these campaigns were targeted. Rather, threat actors are using the exploits they believe will have the highest success rate and launching a high number of opportunistic attacks.
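The grouping described above can be made concrete with a small script. The following is an added example written for this post, not eSentire's own tooling: it takes sensor alerts as (timestamp, source IP, exploit signature) tuples, builds each source's "exploit fingerprint" per ISO week, and clusters sources that presented the identical fingerprint in the same week. The alert data, the RFC 5737 documentation IP addresses and the signature names are all constructed for illustration; the weekly window and the two-source minimum are assumptions you would tune against real volumes.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sensor alerts (not real eSentire data): (timestamp, source IP, exploit signature).
# Source IPs come from RFC 5737 documentation ranges; signature names are invented labels.
SAMPLE_ALERTS = [
    ("2018-04-02T03:14:00", "198.51.100.10", "WebLogic-RCE-Attempt"),
    ("2018-04-02T03:15:00", "198.51.100.10", "IIS-WebDAV-Overflow"),
    ("2018-04-03T11:02:00", "203.0.113.7", "WebLogic-RCE-Attempt"),
    ("2018-04-03T11:03:00", "203.0.113.7", "IIS-WebDAV-Overflow"),
    ("2018-04-04T22:40:00", "198.51.100.22", "IIS-WebDAV-Overflow"),
    ("2018-05-09T08:00:00", "192.0.2.55", "GPON-Router-Auth-Bypass"),
    ("2018-05-09T08:01:00", "192.0.2.55", "GPON-Router-Cmd-Injection"),
    ("2018-05-10T09:30:00", "192.0.2.56", "GPON-Router-Auth-Bypass"),
    ("2018-05-10T09:31:00", "192.0.2.56", "GPON-Router-Cmd-Injection"),
    ("2018-05-10T09:32:00", "192.0.2.56", "GPON-Router-Auth-Bypass"),  # repeat hit, same set
]


def week_bucket(timestamp: str) -> str:
    """Map an ISO-8601 timestamp to its ISO year-week label, e.g. '2018-W14'."""
    year, week, _ = datetime.fromisoformat(timestamp).isocalendar()
    return f"{year}-W{week:02d}"


def exploit_sets_by_source(alerts, bucket=week_bucket):
    """Return {(window, src_ip): frozenset(signatures)}: the exploit
    'fingerprint' each source IP presented within each time window."""
    sets = defaultdict(set)
    for timestamp, src_ip, signature in alerts:
        sets[(bucket(timestamp), src_ip)].add(signature)
    return {key: frozenset(sigs) for key, sigs in sets.items()}


def correlate_campaigns(alerts, min_sources=2, bucket=week_bucket):
    """Group source IPs that used an identical exploit set in the same window.
    Returns {(window, frozenset(signatures)): sorted list of source IPs},
    keeping only groups with at least `min_sources` distinct IPs."""
    groups = defaultdict(set)
    for (window, src_ip), sigs in exploit_sets_by_source(alerts, bucket).items():
        groups[(window, sigs)].add(src_ip)
    return {key: sorted(ips) for key, ips in groups.items() if len(ips) >= min_sources}


if __name__ == "__main__":
    campaigns = correlate_campaigns(SAMPLE_ALERTS)
    for (window, sigs), ips in sorted(campaigns.items(), key=lambda kv: (kv[0][0], sorted(kv[0][1]))):
        print(f"{window}: {sorted(sigs)} <- {len(ips)} sources: {', '.join(ips)}")
```

On the constructed data this yields two campaigns (a WebLogic-plus-IIS cluster in week 14 and a GPON cluster in week 19), while the lone source that only hit IIS is left unclustered. Using the full set of signatures as the key, rather than any single signature, is what separates one campaign's infrastructure from unrelated scanners that happen to share one exploit.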

Phishing and Malware Trends

Phishing continues to be a popular and widely employed attack method due to its simplicity and success rate. The most successful lures employed in phishing were Office 365 and DocuSign, although the total number of attempts using these lures decreased. UPS, eFax and FedEx lures all increased over the period but saw little success. As the holiday season approaches, users should anticipate an increase in shipping-themed phishing emails, as threat actors attempt to capitalize on the increase in online shopping.

Over 30 unique malware types were identified and reported on during Q2. The most common identified malware for this period was Emotet. Emotet's authors appear to have adapted the malware from a banking trojan into a generalized dropper, used to download additional payloads after infection. The high number of Emotet-related cases is not unexpected given the continued modification and improvement of the malware.

Endpoint Data

By analyzing endpoint data, an analyst is able to learn significantly more about an attack than would otherwise be possible. Endpoint data from Q2 shows that PowerShell is the most frequently detected technique on endpoints, making up over 30% of total attack techniques. Endpoint solutions facilitate observation of execution, evasion, and persistence tactics. Of the detected malicious PowerShell use, 83% of attacks employed obfuscation methods meant to hide the activity.
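To show what "obfuscation methods" look like to an endpoint detector, here is an added example (written for this post, not eSentire's detection logic) that scores PowerShell command lines against a handful of well-known indicators: encoded commands, hidden windows, backticks inserted inside tokens, string concatenation, `[char]` casts and a few others. Encoded payloads are decoded and rescored, so obfuscation hidden behind `-EncodedCommand` is still counted. The command lines are constructed samples, the encoded payload is harmless text, and the indicator weights and threshold are assumptions to be tuned against your own telemetry.

```python
import base64
import re

# Indicator name, regex (matched case-insensitively), weight. Parameter patterns accept the
# abbreviated forms PowerShell allows (-e / -ec / -enc, -w / -win, -nop).
OBFUSCATION_INDICATORS = [
    ("encoded_command", r"-e(?:c|n\w*)?\s+[A-Za-z0-9+/=]{20,}", 3),
    ("hidden_window", r"-w(?:i\w*)?\s+hidden", 1),
    ("no_profile", r"-nop(?:rofile)?\b", 1),
    # Backtick inside a token, excluding the legitimate escape sequences (`n `t `r `0 `a `b `f `v).
    ("backtick_in_token", r"\w`[^ntr0abfv\W]", 3),
    ("string_concat", r"'\s*\+\s*'", 2),
    ("char_cast", r"\[char\]\s*\d+", 2),
    ("invoke_expression", r"\b(?:iex|invoke-expression)\b", 2),
    ("call_operator_variable", r"&\s*\$\w+", 2),
    ("from_base64", r"frombase64string", 2),
    ("download_cradle", r"downloadstring|downloadfile|net\.webclient", 2),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE), weight) for name, pat, weight in OBFUSCATION_INDICATORS]
ENCODED_RE = re.compile(r"-e(?:c|n\w*)?\s+([A-Za-z0-9+/=]{20,})", re.IGNORECASE)
THRESHOLD = 3  # assumed cut-off; tune against your own telemetry

# Constructed sample command lines (not real telemetry). The encoded payload is harmless text,
# encoded the way PowerShell expects it (base64 over UTF-16LE).
_PAYLOAD = "Write-Host ('He'+'llo')"
_ENCODED = base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode("ascii")
SAMPLE_COMMANDS = [
    "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\Backup.ps1",    # plain admin use
    "powershell.exe -NoP -W Hidden -EnC " + _ENCODED,                           # encoded + hidden window
    "powershell.exe -c \"$a='Wri'+'te-Ho'+'st';& $a ([char]72+[char]105)\"",   # concat + char casts
    "powershell.exe -c \"Wr`i`te-H`ost hello\"",                                # backtick insertion
    "powershell.exe Get-Process | Sort-Object CPU -Descending",                 # plain use
]


def decode_encoded_command(cmdline):
    """Return the UTF-16LE plaintext of an -EncodedCommand payload, or None if absent/invalid."""
    match = ENCODED_RE.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command(cmdline, _depth=0):
    """Score one command line. Returns (score, indicator names, decoded payload or None).
    A decoded payload is scored once more, with its hits prefixed 'decoded:'."""
    score, hits = 0, []
    for name, regex, weight in COMPILED:
        if regex.search(cmdline):
            score += weight
            hits.append(name)
    decoded = decode_encoded_command(cmdline) if _depth == 0 else None
    if decoded:
        inner_score, inner_hits, _ = score_command(decoded, _depth=1)
        score += inner_score
        hits.extend("decoded:" + h for h in inner_hits)
    return score, hits, decoded


def is_obfuscated(cmdline):
    return score_command(cmdline)[0] >= THRESHOLD


def obfuscation_rate(cmdlines):
    """Fraction of command lines scored as obfuscated (the kind of figure quoted above)."""
    flagged = sum(1 for c in cmdlines if is_obfuscated(c))
    return flagged / len(cmdlines) if cmdlines else 0.0


if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        score, hits, decoded = score_command(cmd)
        print(f"score={score:2d} obfuscated={is_obfuscated(cmd)!s:5} hits={hits}")
        if decoded:
            print(f"          decoded payload: {decoded!r}")
    print(f"obfuscation rate: {obfuscation_rate(SAMPLE_COMMANDS):.0%}")
```

Three of the five constructed samples score at or above the threshold; the two ordinary administrative invocations score zero, including the one that uses `-ExecutionPolicy Bypass`, which on its own is not an obfuscation signal. Decoding and rescoring the encoded payload is the step worth keeping in any real implementation, since the encoding itself hides exactly the concatenation and casting tricks the other indicators look for.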

Concluding Comments

Tracking trends allows for a comprehensive view of the current threat landscape, enabling both an understanding of evolving threats and more focused threat protection. The findings reported in this post are highlights from the Second Quarter Threat Intelligence report. For more findings, visuals and deeper analysis, see the full report.

eSentire Threat Intel, Threat Intelligence Research Group