Written by the SCILabs Team
It appeared that it would be a quiet Friday for our Incident Response Team; it was almost the end of the day, time to rest, when suddenly the phone rang… “We need your help; a key customer is having an incident.”
From then on and during the following hours, we were dedicated to researching and obtaining any relevant data; then the frustration arrived. We could not find information in our internal sources or OSINT. Still, among the obfuscated artifacts, there was a suspicious IP address that fortunately had a single hit in the CTA’s Magellan platform. It was the help that we needed because from there, we knew that we were not alone; elsewhere, thousands of miles away, someone also saw something suspicious about it.
Through the CTA, we established contact with the great researcher who uploaded it, who provided us with new details about that IP address, which was enough to improve the hunting that led to identifying more infected computers in the client’s network. This invaluable action allowed us to continue making progress during the handling of the incident and eradicate the threat faster.
In situations such as this, we discover the power of information exchange and the importance of collaborating globally with leading cybersecurity companies. It is also a fact that the information obtained through the Magellan platform is invaluable. We realize that our efforts in researching not only serve to make our customers more secure but help other members of the CTA in combating cybercrime in the same way that their research helps us daily.
Threat intelligence, backed up by robust technology, is the key to increasing cyber-attack response capabilities and enhances the operational capabilities of all CTA members. It allows us to know the most active threats, the most prevalent types of attacks, and the most unusual modus operandi worldwide. Real collaboration and amazing people are what you will find inside the CTA.
We can say with certainty that for Scitum, collaboration is synonymous with growth; it is to evolve together. In SCILabs (Scitum Cyber Intelligence Laboratories), we acknowledge that working together is the door that leads to success.
Author: Cyber Threat Alliance