What We Do
How we do it
Resources
SECURITY ADVISORIES
Jul 29, 2021
UPDATE: PetitPotam NTLM Relay Attack
THE THREAT PetitPotam is a variant of the NTLM Relay attack discovered by security researcher Gilles Lionel. It is tracked as an authentication bypass vulnerability in Active Directory (Certificate Services); currently no CVE identifier has been assigned to this vulnerability. Proof of Concept (PoC) code released last week [1] relies on the Encrypting File System Remote (EFSRPC) protocol to…
Read More
View all Advisories →
Company
ABOUT eSENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Jul 12, 2021
Tecala and eSentire Partner to Protect Enterprises across APAC from Business-Disrupting Cyber Attacks
Sydney, 12 July, 2021 - Tecala, Australia’s award-winning technology services and IT consulting provider, today announced it has chosen eSentire, the global Authority in Managed Detection and Response (MDR) cybersecurity services, as their exclusive MDR solution provider in Australia and New Zealand. This partnership will enable Tecala to augment its cybersecurity practice and offer enterprises…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Company
News releases — Oct 09, 2018

IIS attacks increase from 2,000 to 1.7 million over last quarter

Compromised Servers from China Observed Carrying Out Attacks on eSentire Detection Surface
4 min read

CAMBRIDGE, ONTARIO – October 9, 2018 – IIS, Drupal, and Oracle WebLogic web technologies experienced increased attacks in Q2 2018. According to the new Q2 2018 Quarterly threat report from eSentire, Inc., the largest pure-play Managed Detection and Response (MDR) provider, IIS attacks showed a 782x increase, from 2,000 to 1.7 million, since last quarter.

Analysis of the attacks by eSentire Threat Intelligence revealed that both IIS and WebLogic exploits maintained a consistent number of attacks (about 200) per IP across organizations, with those attacks originating from servers hosting Apache, RDP, SQL, IIS, and HTTP API services.

Most sources targeting IIS web servers originated from China-based IP addresses. According to Shodan, there are 3.5 million IIS web servers exposed (with 1 million in China). The compromised servers largely originated from Tencent and Alibaba.

eSentire also noted an interesting collection of operating systems among the attacking infrastructure involved – over 400 of the attacking IPs had Shodan records indicating they were Windows machines (including XP, 7, 8, 2008, and 2012). Additionally, nearly 350 FTP servers and over 100 mail servers were reported; there were also VPN servers, MikroTik devices (reported as bandwidth-testing servers), Kangle, Squid, Jetty, and a handful of lesser-known web service technologies.

“IIS is a popular web server, with prevalence in the U.S. and China. Organizations using web servers need to make sure they monitor for these vulnerabilities and update or patch as necessary. Oracle WebLogic is another web server that saw a lot of attacks and we’ve seen Apache attacks reported too,” said Kerry Bailey, CEO, eSentire. “Web servers are exposed de facto, which makes them a primary target, and we saw continued attacks against IIS continue in Q3 2018. IIS patches for earlier versions, like 6.0, are available. Otherwise, users should consider updating to more recent versions of the web server.”

Additional Q2 2018 report findings:

Report Methodology

The eSentire Threat Intelligence team used data gathered from 2,000+ proprietary network and host-based detection sensors distributed globally across multiple industries. Raw data were normalized and aggregated using automated machine-based processing methods. Processed data was reviewed by a visual data analyst applying quantitative analysis methods. Quantitative intelligence analysis results were further processed by a qualitative intelligence analyst resulting in a written analytical product.

eSentire’s 2018 Q2 Threat Report provides a quarterly snapshot, analyzing all cyber threat events investigated by the eSentire Security Operations Center (SOC) while addressing three key areas: threat types, threat volume, and attack types. Each topic is divided into multiple sections, including visual data analysis, written analytical analysis, practical recommendations, and key assumptions.

Access the 2018 Q2 Threat Report here: www.esentire.com/resource-library/2018-annual-threat-report

About eSentire:

eSentire® is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber attacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates and responds in real-time to known and unknown threats before they become business disrupting events. Protecting more than $5.7 trillion AUM in the financial sector alone, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.com and follow @eSentire.

Products, service names, and company logos mentioned herein may be the registered trademarks of their respective owners. All rights reserved.