SOC Catch of the Day


Blackhole Foiled at Global Law Firm

The Network: A law firm with 14 offices worldwide. Their team is supplemented by EventTracker SIEM on a 24/7 basis.

The Expectation: Robust, up-to-date prevention mechanisms (anti-virus, next-gen firewall) thwart most common attacks, but since perfect protection is not practical, monitoring is also necessary.

The Catch: Netsurion’s SOC analysts observed suspicious network traffic that matched patterns from the Blackhole exploit kit, one of the most prevalent web threats. Its purpose is to deliver a malicious payload to a victim’s computer. Most infections from this exploit kit come through a series of high-volume spam runs. Blackhole incorporates tracking mechanisms, so the people maintaining the malware learn considerable information about the victims, including the victim’s country, operating system, browser, and which piece of software on the victim’s computer was exploited.

The Find: A large number of connections were observed from a desktop inside one of the locations, and many of these connections were to IP addresses with poor reputation. Simultaneously, the desktop was observed to be using unusually high amounts of memory. These are indicators of compromise (IoCs).

The Fix: The Netsurion SOC analyst immediately notified the customer’s IT team to check this desktop for vulnerable plugins (Adobe) in the Chrome browser. The onsite IT team confirmed that the plugins were vulnerable and quickly removed them from the user’s desktop.

The Lesson: Keep browser plugins and the operating system up to date, since Blackhole targets vulnerabilities in old versions of browsers such as Firefox, Google Chrome, and Safari, as well as many popular plugins such as Adobe Flash, Adobe Acrobat and Java. Blackhole is polymorphic and mutates constantly to evade detection, so traditional anti-virus signatures will lag behind the automated generation of new variants. Netsurion’s Managed Threat Protection defends against new variants.
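
The correlation described under "The Find" (many connections to poor-reputation IP addresses together with unusually high memory use on the same desktop) can be sketched as follows. This is an added example, not Netsurion's or EventTracker's detection logic; the host names, documentation-range IP addresses, timestamps and thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

# Constructed sample data: stand-ins for a reputation feed, firewall/flow
# logs and endpoint memory telemetry. None of it comes from the incident.
BAD_REPUTATION = {"203.0.113.7", "203.0.113.42", "198.51.100.9"}
CONNECTIONS = [  # (time, source host, destination IP)
    (ts("2023-01-10 09:01:05"), "desk-114", "203.0.113.7"),
    (ts("2023-01-10 09:01:40"), "desk-114", "203.0.113.42"),
    (ts("2023-01-10 09:02:10"), "desk-114", "192.0.2.80"),    # not on the list
    (ts("2023-01-10 09:03:30"), "desk-114", "198.51.100.9"),
    (ts("2023-01-10 09:02:00"), "desk-207", "203.0.113.7"),   # a single hit
    (ts("2023-01-10 09:04:00"), "desk-207", "192.0.2.80"),
]
MEMORY = [  # (time, host, percent of memory in use)
    (ts("2023-01-10 09:00:00"), "desk-114", 48),
    (ts("2023-01-10 09:05:00"), "desk-114", 93),
    (ts("2023-01-10 09:05:00"), "desk-207", 95),  # high memory, few bad IPs
    (ts("2023-01-10 11:00:00"), "desk-114", 91),  # high memory, no traffic nearby
]

def correlate(connections, memory, bad_ips, window=timedelta(minutes=10),
              min_bad=3, mem_threshold=85):
    """Alert when a host reports memory >= mem_threshold and, within
    +/- window of that sample, contacted >= min_bad distinct listed IPs.
    The threshold values are assumptions to be tuned per environment."""
    alerts = []
    for m_time, host, mem_pct in memory:
        if mem_pct < mem_threshold:
            continue
        hits = {dst for c_time, src, dst in connections
                if src == host and dst in bad_ips
                and abs(c_time - m_time) <= window}
        if len(hits) >= min_bad:
            alerts.append({"host": host, "time": m_time,
                           "memory_pct": mem_pct,
                           "bad_destinations": sorted(hits)})
    return alerts

if __name__ == "__main__":
    for alert in correlate(CONNECTIONS, MEMORY, BAD_REPUTATION):
        print(alert)
```

Requiring both signals in the same window keeps a single stray hit on a listed address, or a memory-hungry application on its own, from raising an alert.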

Copyright © 2023 Netsurion. All rights reserved.