Avoid a data hostage situation with Managed NTM from NCC Group

Written by: Dominic Carroll

Ransomware is one of the biggest security challenges facing businesses of all sizes.

And as organisations seek to streamline their supply chain processes by integrating with their suppliers’ systems, this inter-connectivity is leading to an increase in potential attack surfaces that criminals can exploit.

Once one business in the supply chain is compromised, all businesses in the chain are at risk.

NCC Group’s Security Operations Centre (SOC) team recently responded to a scenario in which a client’s main supplier had been infected with the SamSam ransomware.

SamSam scans for unpatched applications on a vulnerable JBoss server. Once a vulnerability has been found and taken advantage of, attackers can trigger the ransomware remotely which then allows it to spread through the local network to infect additional computers and servers.

The customer was using NCC Group’s Managed Network Threat Monitoring (NTM) service, which provides 24/7 monitoring and response through the use of NTM appliances. These appliances are deployed on the customer’s network and are continually updated with the latest threat intelligence.

After learning of its supplier’s issues, the client contacted the SOC to find out if its own network had also been infected by SamSam.

By analysing historical network data and security alerts generated by the NTM appliances, our SOC team were able to look for evidence of the SamSam ransomware at a granular level.

Following an extensive investigation — which involved an in-depth analysis of network data reaching back several weeks — our team were able to inform the customer that there was no evidence to suggest the SamSam ransomware had spread from the supplier’s network to theirs.

Alongside the forensic investigation in to SamSam, the SOC team also identified the list of systems and software versions which would render the customer vulnerable and provided general guidelines about how to avoid ransomware attacks.

NCC Group customers who choose the Managed NTM service have access to an unrivalled offering that combines our expert analysts and in-house developed technology to provide peace of mind that their network is well protected.

As threat actors seek to identify vulnerable organisations as a way to access the entire supply chain, every business should ensure they take steps to protect themselves and their partners.

Published date: 13 October 2017

Related posts:

Not knowing how Google and other search engines work and why they may give you results that are inconsistent with your keyword rank tracking tools can make you feel confused. You may find yourself…

St. Mary Medical Center, through a partnership with the North Philadelphia based Farm-to-Families initiative, is helping to provide better nutrition and eliminate food deserts in Bucks and Montgomery…