Nothing says happy Friday afternoon quite like finding a Cobalt Strike implant in your network.
Such was the case for one of our partners, a Missouri-based managed service provider (MSP). Our ThreatOps team received a Windows Defender alert for Blue Tree's environment, and just a few minutes later a similar alert popped up for a different partner organization.
The commonality? Hackers were exploiting Log4Shell vulnerabilities to target VMware Horizon servers.
With this observable pattern at play, our ThreatOps team jumped into action.
The team leaned on our Managed Endpoint Detection and Response (EDR) service to dig into what was happening. It gave our team near-real-time visibility into activity across our partners' endpoints.
Within minutes, Managed EDR revealed which of our partners were being targeted with malicious executable commands, which allowed our team to send incident reports to the impacted partners with information on how to mitigate the threat.
Blue Tree Technology was one of those impacted partners, as one of their hosted machines had been hit by hackers. Alarmingly, IntelliData Solutions had already patched their VMware Horizon servers, yet the threat actors were still able to bypass those precautions and work their way into Blue Tree Technology's machine.
Our ThreatOps team was able to connect with the relevant team members at Blue Tree Technology and IntelliData Solutions to provide remediation steps to get them back up and running.
Although this situation posed a real threat, traditional cybersecurity tools are notorious for raising red flags when they simply aren't warranted. This is where our ThreatOps team is invaluable. The team analyzes logs, data and alerts to verify threats before sending incident reports to our partners. That way, our partners can focus on what actually matters and spend more time on other priorities.
Together with the Blue Tree Technology and IntelliData Solutions teams, we were able to squash this threat by the end of the day, with no weekend disruptions needed.
You can watch our interview with Blue Tree Technology and IntelliData Solutions below.
We love a good story with a happy (week)ending.