Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Visibility and response across your entire Microsoft security ecosystem.
XDR with Machine Learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert threat hunting, original research, and proactive threat intelligence.
TRU is foundational to our MDR service. No add-ons or additional costs required.
Stop ransomware attacks before they disrupt your business.
Detect and respond to zero-day exploits.
Protect against third-party and supply chain risk.
Adopt a risk-based approach to cybersecurity.
Protect your most sensitive data.
Meet cybersecurity regulatory compliance mandates.
Eliminate misconfigurations and policy violations.
Prevent business disruption by outsourcing MDR.
Meet insurability requirements with MDR.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and mediating threats to prevent lateral spread.
Enhance investigation and threat detection across multi-cloud or hybrid environments.
Remediate critical misconfigurations, security vulnerabilities and policy violations across cloud and containerized environments.
Detect malicious insider and identity-based behavior leveraging machine learning models.
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
We believe a multi-signal approach is paramount to protecting your complete attack surface. See why eSentire MDR means multi-signal telemetry and complete response.
See how our 24/7 SOC Cyber Analysts and Elite Threat Hunters stop even the most advanced cyberattacks before they disrupt your business.
Choose the right mix of Managed Detection and Response, Exposure Management, and Incident Response services to strengthen your cyber resilience.
Try our interactive tools including the MITRE ATT&CK Tool, the SOC Pricing Calculator, the Cybersecurity Maturity Assessment, and our MDR ROI Calculator.
Read the latest security advisories, blogs, reports, industry publications and webinars published by eSentire's Threat Response Unit (TRU).
See why 2000+ organizations count on eSentire to build resilience and prevent business disruption.
eSentire recently investigated an incident involving RIG Exploit Kit which was linked to a Reddit discussion post on Wimbledon. The victim was browsing /r/tennis and attempted to load several streaming links from the popular subreddit. Unfortunately, instead of streaming a tennis match, they were served up an exploit kit.
The RIG Exploit Kit (EK) was a major player in 2017, seeing both widespread use and success. Arrests and coordinated takedowns almost completed halted the popularity of RIG EK. Operation Shadowfall was the name given to a coordinated effort by RSA, GoDaddy and several independent researchers that resulted in the dismantling of large portions of infrastructure associated with RIG EK in 2017 [1]. The RIG exploit kit has recently seen some resurgence and is relying on Flash and Internet Explorer vulnerabilities to deliver a variety of payloads [2].
eSentire’s Security Operations Center was initially alerted to the exploit attempts from a RIG EK on 94[.]250[.]254[.]73. Once the event was triaged and contained, an investigation into the origin of the EK began. Root cause analysis revealed a series of web transactions – or referers – from the original site the user purposely visited to the page hosting the exploit kit. Analysis revealed that cricfree[.]cc was to blame, as it kicked off a series of redirects to the EK.
Reviewing packet capture data shows the user was on the Reddit Wimbledon discussion page when they clicked a link to cricfree[.]cc/tennis-live-streaming, which served a 302 redirect to mybetterdl[.]com.
[image src="/assets/Wimbledon1.png" id="2323" width="375" height="116" class="center ss-htmleditorfield-file image" title="Wimbledon1"]
This results in a few more 302 redirects:
[image src="/assets/Wimbledon2.png" id="2324" width="375" height="109" class="center ss-htmleditorfield-file image" title="Wimbledon2"]
Then another one, this time to makemoneyeasywith[.]me:
[image src="/assets/Wimbledon3.png" id="2325" width="375" height="119" class="center ss-htmleditorfield-file image" title="Wimbledon3"]
Finally we see RIG getting served:
[image src="/assets/Fimbledon4.png" id="2326" width="375" height="130" class="center ss-htmleditorfield-file image" title="Fimbledon4"]
Some quick Googling shows cricfree[.]cc appears in both threads but also the /r/tennis sidebar:
[image src="/assets/Wimbledon5.png" id="2329" width="375" height="356" class="center ss-htmleditorfield-file image" title="Wimbledon5"]
Exploring Reddit, we see the link is still live:
[image src="/assets/Wimbledon6-v2.png" id="2330" width="400" height="284" class="center ss-htmleditorfield-file image" title="Wimbledon6 v2"]
Finally viewing the Wimbledon discussion thread, it’s easy to see how the victim accessed the supposed streaming link:
[image src="/assets/Wimbledon7.png" id="2331" width="400" height="400" class="center ss-htmleditorfield-file image" title="Wimbledon7"]
Reddit has long been a source for sports fans to obtain access to pirated sports streams. While the r/tennis subreddit still has a link to the cricfree[.]cc in its sidebar, subreddits that focus on providing illegal streams such as r/soccerstreams and /nbastreams have recently been banned from the site.
These Reddit bans however, have not made illegal streaming disappear. As an example, this week, The Open Championship (aka The Bristish Open) begins, and for people who want to watch one of golf’s four major tournaments, a quick Google search for “Golf Streams” reveals more than 39 million search results. Some of these results steer users to legitimate sites that are licensed to provide streams of PGA events (typically for a fee), but the vast majority of these results direct fans towards sites that host “free” illegal streams.
For these pirate streaming sites to be sustainable; they must be profitable. As a user, if you aren’t paying for a stream, it likely means that money being made off of you in some way, shape or form.
In most cases, that revenue would come from website forcing users to view web ads before (or while viewing a stream), but as demonstrated above, these websites could also be directing you to malware in hopes of monetizing your illegal streaming by exploiting your computer or your personal data.
For organizations with more lenient web access policies, the illegal streaming of sporting events that occur during core operational hours such as tennis or golf tournaments, March Madness, and the Olympics represent a significant potential risk. As demonstrated, these pirate streaming sites can and do host malware, and even though employees know these sites are likely to be illegitimate in nature, the desire to not miss “the big game” may cause them to access these sites anyway, exposing not only their workstations but their entire organizations to threats.
If you are wanting to protect your organization from the threat posed by illegal online streaming, eSentire Threat Intelligence makes the following recommendations.