Blog — Oct 09, 2018

Highlights of the Q2 2018 threat intelligence report

The Second Quarter Threat Intelligence report offers an expansive overview of the threat landscape for Q2 2018. The content and analysis in this report are built on intelligence gathered from 2,000+ proprietary network and host-based detection sensors. This blog post highlights some of the most interesting and important findings; to learn more, you can read the full report.

Key Findings List

Industry Trends

During Q2, the eSentire SOC alerted clients on approximately 57,000 malicious events. By checking industries against a normalized count of sensors, it is possible to see which industries are affected most frequently. In the second quarter of 2018, biotechnology and accounting services were by far the two industries that generated the most alerts out of the 22 client industries monitored by eSentire.

Exploit Campaigns

A variety of exploit campaigns were discovered and monitored over the Q2 period. By grouping the attacking IP addresses according to the unique set of exploits each one used over a time period, it is possible to correlate campaigns. The most notable campaigns targeted WebLogic and IIS, IIS alone, and GPON routers. An interesting aspect of these campaigns is that in many cases the attacking infrastructure appears to consist of compromised servers, which were likely compromised by the same exploits they are now being used to launch. It is unlikely that these campaigns were targeted. Rather, threat actors are using the exploits that they believe will have the highest success rate and launching a high number of opportunistic attacks.
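The correlation step described above, grouping attacking IPs by the set of exploit signatures each used within a window, as an added example that is not eSentire's tooling. The alert lines and exploit labels are constructed for illustration.

```python
"""Correlate exploit campaigns by grouping attacking IPs on the set of
exploit signatures each one used inside a time window (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: "timestamp source_ip exploit_signature".
# Labels only indicate the product attacked, as in the report's highlights.
SAMPLE_ALERTS = """\
2018-05-01T10:00:00 203.0.113.5 weblogic_exploit
2018-05-01T10:02:00 203.0.113.5 iis_exploit
2018-05-01T11:00:00 203.0.113.9 weblogic_exploit
2018-05-01T11:03:00 203.0.113.9 iis_exploit
2018-05-02T09:00:00 198.51.100.7 gpon_exploit
2018-05-02T09:01:00 198.51.100.8 gpon_exploit
2018-05-03T12:00:00 203.0.113.5 weblogic_exploit
2018-05-20T08:00:00 192.0.2.1 iis_exploit
"""

def parse_alerts(text):
    """Yield (timestamp, ip, exploit) tuples from the flat log format."""
    for line in text.splitlines():
        if line.strip():
            ts, ip, exploit = line.split()
            yield datetime.fromisoformat(ts), ip, exploit

def exploit_sets(alerts, start, window):
    """Map each attacking IP to the frozenset of exploits it used in
    [start, start + window); repeated use of one exploit counts once."""
    end = start + window
    seen = defaultdict(set)
    for ts, ip, exploit in alerts:
        if start <= ts < end:
            seen[ip].add(exploit)
    return {ip: frozenset(s) for ip, s in seen.items()}

def correlate_campaigns(alerts, start, window, min_sources=2):
    """Group IPs sharing an identical exploit set; a group with at least
    min_sources distinct IPs is treated as one campaign."""
    groups = defaultdict(list)
    for ip, exploits in exploit_sets(alerts, start, window).items():
        groups[exploits].append(ip)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_sources}

def demo_campaigns():
    """Run the correlation over the constructed alerts for the week of 2018-05-01."""
    return correlate_campaigns(parse_alerts(SAMPLE_ALERTS),
                               datetime(2018, 5, 1), timedelta(days=7))

if __name__ == "__main__":
    for exploits, ips in demo_campaigns().items():
        print(sorted(exploits), "<-", ips)
```

An IP whose exploit set matches a campaign but that also appears as a victim in the same period is the "compromised infrastructure" pattern the report notes.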

Phishing and Malware Trends

Phishing continues to be a popular and widely employed attack method due to its simplicity and success rate. The most successful lures employed in phishing are Office 365 and DocuSign, although the total number of attempts using these lures decreased. UPS, eFax and FedEx lures all increased over the period but saw little success. As the holiday season approaches, users should anticipate an increase in shipping-themed phishing emails as threat actors attempt to capitalize on the increase in online shopping.

Over 30 unique malware types were identified and reported on through Q2. The most common identified malware for this time period was Emotet. Emotet's malware authors appear to have adapted the malware from a banking trojan into a generalized dropper, used to download additional payloads after infection. The high number of Emotet-related cases is not unexpected given the continued modification and improvement of the malware.

Endpoint Data

By analyzing endpoint data, an analyst is able to learn significantly more about an attack than would otherwise be possible. Endpoint data from Q2 shows that PowerShell is the most frequently used technique detected on endpoints, making up over 30% of total attack techniques. Endpoint solutions facilitate observation of execution, evasion, and persistence tactics. Of the detected malicious PowerShell use, 83% of attacks employed obfuscation methods meant to hide the activity.
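To make the obfuscation figure above concrete, here is an added example (not eSentire's detection logic) that scores PowerShell command lines from process-creation logs against a handful of common obfuscation indicators. The command lines, rule names and threshold are constructed.

```python
"""Flag obfuscated PowerShell command lines from endpoint process-creation
logs (added example; rules are illustrative, not a vendor's detections)."""
import re

# (indicator name, pattern). Each rule that matches adds one indicator.
RULES = [
    ("encoded_command", re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("hidden_window",   re.compile(r"-w(indowstyle)?\s+hidden", re.I)),
    ("backtick_escape", re.compile(r"`[a-z]", re.I)),               # Wr`i`te-Host
    ("char_casting",    re.compile(r"\[char\]\s*(0x[0-9a-f]+|\d+)", re.I)),
    ("string_concat",   re.compile(r"(['\"][^'\"]*['\"]\s*\+\s*){2,}")),
    ("format_operator", re.compile(r"['\"]\s*-f\s+['\"]", re.I)),  # '{0}' -f 'x'
]

# Constructed process-creation command lines; the base64 is filler, not a payload.
SAMPLE_LOG = [
    "powershell.exe -NoProfile -Command Get-Service -Name Spooler",
    "powershell.exe -w hidden -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB",
    "powershell.exe -c \"$s='Wri'+'te-'+'Ho'+'st';& $s ([char]104+[char]105)\"",
    "powershell.exe -c \"Wr`i`te-Host ('{0}{1}' -f 'h','i')\"",
]

def obfuscation_indicators(cmdline):
    """Return the names of every rule that fires on one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def triage(lines, threshold=2):
    """Return (cmdline, indicators) for lines with at least `threshold`
    indicators; a single hit alone (e.g. -w hidden) is too noisy to alert on."""
    hits = []
    for line in lines:
        indicators = obfuscation_indicators(line)
        if len(indicators) >= threshold:
            hits.append((line, indicators))
    return hits

if __name__ == "__main__":
    for cmdline, indicators in triage(SAMPLE_LOG):
        print(", ".join(indicators), "<-", cmdline)
```

Script-block logging (event 4104) exposes the de-obfuscated code after execution, so these command-line rules are best paired with it rather than used alone.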

Concluding Comments

Tracking trends allows for a comprehensive view of the current threat landscape. This enables both an understanding of evolving threats and more focused threat protection. The findings reported in this post are highlights from the Second Quarter Threat Intelligence report. For more findings, visuals and deeper analysis, see the full report.

eSentire Threat Intel, Threat Intelligence Research Group