Between May 22-29, 2024, Blackpoint’s Security Operations Center (SOC) responded to 59 total incidents. These incidents included 19 on-premises MDR incidents, no Cloud Response for Google Workspace incidents, and 40 Cloud Response for Microsoft 365 incidents, with confirmed or likely threat actor use of:
- Multiple ChromeLoader attempts for information theft;
- A malicious scheduled task for persistence; and
- RDP abuse for lateral movement.
In this blog, we’ll dive into the details behind these select incidents, including why they’re important for partners to account for today – even if they’ve not been attacked yet! – as well as possible mitigations leveraging your current tech stack and Blackpoint Cyber.