Between May 8 and 15, 2024, Blackpoint’s Security Operations Center (SOC) responded to 102 total incidents. These comprised 24 on-premises MDR incidents, 2 Cloud Response for Google Workspace incidents, and 76 Cloud Response for Microsoft 365 incidents, with confirmed or likely threat actor use of:
- NTLM credential theft (credential harvesting);
- “Loans Administration” scheduled task via Gootloader malware for persistence; and
- “Global Trade Management” scheduled task via Gootloader malware for persistence.
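Persistence through innocuously named scheduled tasks is easy to check for on a host you already manage. The following PowerShell hunt is an added example and is not code from the Blackpoint post; it assumes it runs with rights to read the local task library, matches only the two task names the report lists, and adds a general "script host" heuristic (wscript, cscript, mshta, powershell, rundll32 as the task action) that is a common review point rather than a Gootloader indicator taken from the report.

```powershell
# Added example, not from the Blackpoint post: hunt for scheduled tasks that
# carry the names the report ties to Gootloader persistence, and list what
# each task actually executes so an analyst can triage it.

# Task names taken from the report. Any other Gootloader task names are
# unknown here, so only these two are matched exactly.
$SuspectNames = @('Loans Administration', 'Global Trade Management')

# Assumption: script hosts commonly used for scripted persistence. This is a
# generic review heuristic, not an indicator from the report.
$ScriptHosts = @('wscript.exe', 'cscript.exe', 'mshta.exe', 'powershell.exe', 'rundll32.exe')

function Get-SuspectScheduledTask {
    $results = foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        $info = Get-ScheduledTaskInfo -InputObject $task -ErrorAction SilentlyContinue
        foreach ($action in $task.Actions) {
            # Execute may be null for COM-handler actions; treat as empty.
            $exe = [System.IO.Path]::GetFileName([string]$action.Execute).ToLower()

            $reasons = @()
            if ($SuspectNames -contains $task.TaskName) { $reasons += 'name-match' }
            if ($ScriptHosts -contains $exe)            { $reasons += 'script-host' }
            if (-not $reasons) { continue }

            [pscustomobject]@{
                TaskName    = $task.TaskName
                TaskPath    = $task.TaskPath
                Author      = $task.Author
                RunAs       = $task.Principal.UserId
                State       = $task.State
                LastRunTime = $info.LastRunTime
                Execute     = $action.Execute
                Arguments   = $action.Arguments
                Reason      = ($reasons -join ',')
            }
        }
    }
    return $results
}

$hits = Get-SuspectScheduledTask
$hits | Format-Table -AutoSize -Wrap

# Preserve the raw task XML for any exact name match before anyone removes it;
# the XML records the full trigger and action definition for the incident file.
foreach ($hit in ($hits | Where-Object Reason -like '*name-match*')) {
    $xml  = Export-ScheduledTask -TaskName $hit.TaskName -TaskPath $hit.TaskPath
    $safe = ($hit.TaskName -replace '[^\w\-]', '_')
    $xml | Set-Content -Path (Join-Path $env:TEMP "task_$safe.xml")
}
```

Treat a name match as high confidence and a script-host match as a review queue: plenty of legitimate vendor tasks run PowerShell, so the Author, RunAs and Arguments columns are what separate an admin-created job from a user-context task launching a script from a profile or temp directory.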
In this blog, we’ll dive into the details behind these select incidents, including why partners should account for them today – even if they’ve not been attacked yet! – as well as possible mitigations leveraging your current tech stack and Blackpoint Cyber.