Between July 17-24, 2024, Blackpoint’s Active Security Operations Center (SOC) responded to 96 total incidents. These incidents included 12 on-premises MDR incidents, 2 Cloud Response for Google Workspace, and 82 Cloud Response for Microsoft 365 incidents, with confirmed or likely threat actor use of:
- Ratty RAT for persistence;
- AsyncRAT for persistence; and
- SYS01 Stealer for credential access and exfiltration.
In this blog, we’ll dive into the details behind these select incidents, including why they’re important for partners to account for today – even if they’ve not been attacked yet! – as well as possible mitigations leveraging your current tech stack and Blackpoint Cyber.