SOC Catch of the Day

We review billions of logs daily to keep you safe from advanced threats.


Dubious Document Destroyed at Law Firm

The Network: Our client is an established law firm of more than 225 lawyers, with a long history of well-planned growth, enduring client relationships and leadership across more than eight decades. Multiple locations are supported by an IT team located at HQ. Law firms must safeguard sensitive information ranging from global contracts to mergers and acquisitions data to pending court cases. Netsurion's Managed Threat Protection adds a further layer of defense in depth through its 24/7 security monitoring.

The Expectation: The primary user is not an IT professional and therefore must be kept safe from the malware that is prevalent today. Endpoints are maintained carefully with patching and a brand-name anti-virus product, and each location has a properly configured firewall. Because attackers will exploit every possible vector, constant monitoring is needed on top of these preventive controls.

The Catch: Netsurion's SOC (Security Operations Center) observed that the scanning module at the firewall had flagged a possibly malicious Microsoft Word document embedded in a web request that originated inside the network and was destined for a server in Taiwan.

The Find: Although the Microsoft Word document was dormant on the endpoint, a proactive assessment of its MD5 hash by Netsurion's SOC identified it as malicious and as carrying the trojan known as Valyria. US-CERT has warned about malicious Microsoft Word documents that contain Visual Basic for Applications (VBA) macros. Such files can download and install malware, install proxy and remote access trojans (RATs), connect to command and control (C&C) servers to receive additional instructions, and modify the victim's firewall to allow incoming connections. The Department of Homeland Security (DHS) and the FBI have identified trojan malware variants used by the North Korean government; one such variant is known as TYPEFRAME. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
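The two checks the SOC applied to the dormant document, a hash lookup against known-bad indicators and a look for an embedded VBA project, are simple enough to script. The following is an added example written for this page; it is not Netsurion's tooling and not part of the original case write-up. The indicator set and the in-memory sample documents are constructed for the demo (no real Valyria or TYPEFRAME hashes are used), and the legacy .doc check is an explicitly labelled heuristic, not a full OLE parser. Both MD5 and SHA-256 are computed because MD5 collisions are cheap to forge and most intelligence feeds key on SHA-256.

```python
import hashlib
import io
import zipfile

# Magic bytes that distinguish the two Word container formats.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc (OLE compound file)
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML .docx / .docm (zip container)


def file_hashes(data: bytes) -> dict:
    """Hash the document. MD5 is what the SOC matched on; SHA-256 is included
    because MD5 collisions are cheap to forge and most feeds key on SHA-256."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def has_vba_macros(data: bytes) -> bool:
    """Static check for an embedded VBA project, independent of file extension.

    OOXML stores macros as the part word/vbaProject.bin, so a file named .docx
    that contains it is a macro document regardless of its name. For the
    legacy OLE format only a cheap heuristic is applied (the UTF-16LE storage
    name "VBA" or the _VBA_PROJECT stream name); a real OLE parser such as
    oletools is needed for a definitive answer.
    """
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    if data.startswith(OLE_MAGIC):
        return b"V\x00B\x00A\x00" in data or b"_VBA_PROJECT" in data
    return False


def triage(data: bytes, known_bad: set) -> dict:
    """Combine the hash lookup with the macro check and return a verdict.

    `known_bad` holds MD5 or SHA-256 hex digests from threat intelligence.
    A hit on either check is enough to quarantine the file for analysis.
    """
    h = file_hashes(data)
    verdict = {
        **h,
        "known_bad": h["md5"] in known_bad or h["sha256"] in known_bad,
        "has_macros": has_vba_macros(data),
    }
    verdict["action"] = "quarantine" if (verdict["known_bad"] or verdict["has_macros"]) else "allow"
    return verdict


def make_docx(with_macro: bool) -> bytes:
    """Build a minimal OOXML container in memory. This is a constructed sample
    for the demo, not a real document and not a real malware sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    clean = make_docx(with_macro=False)
    macro = make_docx(with_macro=True)
    # Constructed blocklist: the hash of our own clean sample stands in for a
    # feed entry; it is not a real Valyria or TYPEFRAME indicator.
    feed = {file_hashes(clean)["md5"]}
    for name, doc in (("clean.docx", clean), ("macro.docx", macro)):
        print(name, triage(doc, feed))
```

The macro check is the part that still fires when the hash is unknown: a freshly built maldoc has no feed entry yet, but it still has to carry its VBA project somewhere the parser can see. Quarantining on either signal mirrors what happened here, where the hash match came first and the re-image followed once the secondary infection surfaced.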

The Fix: Netsurion's security analyst promptly alerted the administrator to delete the malicious Microsoft Word document and recommended a thorough scan of the affected machine. The law firm's technical team confirmed that the document was not one they recognized and performed a further scan, which revealed a secondary infection. The machine was retired and re-imaged.

The Lesson: Attacks are continuous, so defense must be in depth. Deploying prevention technology alone is insufficient; detection through active SIEM monitoring, backed by proactive mitigation steps, is a must.



Copyright © 2023 Netsurion. All rights reserved.