SOC Catch of the Day

Dubious Document Destroyed at Law Firm

The Network: Our client is an established law firm of more than 225 lawyers, with a long history of well-planned growth, enduring client relationships and leadership spanning more than eight decades. Multiple locations are supported by an IT team located at HQ. Law firms must safeguard sensitive information ranging from global contracts to merger and acquisition data to pending court cases. Netsurion’s Managed Threat Protection adds a layer of defense in depth with its 24/7 security monitoring capabilities.

The Expectation: The primary user is not an IT professional and therefore must be protected against the malware that is prevalent today. Endpoints are maintained carefully with patching and brand-name anti-virus, and each location has a properly configured firewall. Since attackers will exploit every possible vector, constant monitoring is needed.

The Catch: Netsurion’s SOC (Security Operations Center) observed that the firewall’s scanning module reported a possibly malicious Microsoft Word document embedded in a web request that originated inside the network and was destined for a server in Taiwan.

The Find: Although the Microsoft Word document was dormant on the endpoint, a proactive assessment of its MD5 hash by Netsurion’s SOC determined that it was malicious and contained the trojan called Valyria. US-CERT has warned about malicious Microsoft Word documents that can contain Visual Basic for Applications (VBA) macros. Such files can download and install malware, install proxy and remote access trojans (RATs), connect to command and control (C&C) servers to receive additional instructions, and modify the victim's firewall to allow incoming connections. The Department of Homeland Security (DHS) and the FBI have identified trojan malware variants used by the North Korean government; one such variant is known as TYPEFRAME. The U.S. Government refers to malicious cybersecurity activity by the North Korean government as HIDDEN COBRA.
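As an added illustration (not Netsurion’s tooling), the Python below performs the two checks a SOC would run on a dormant document like this one: it computes the file hashes to look up against threat intelligence and inspects whether the Word file carries a VBA macro project. The denylist and the sample document are constructed inline for demonstration.

```python
import hashlib
import io
import zipfile


def file_hashes(data: bytes) -> dict:
    """Hashes a file the way a SOC looks it up against threat intelligence.
    MD5 is included because many feeds still key on it; SHA-256 is added
    because MD5 collisions make it unreliable on its own."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def has_vba_project(data: bytes) -> bool:
    """Office Open XML files (.docx/.docm) are zip containers; a VBA macro
    project is stored as vbaProject.bin. Legacy .doc files are not zips and
    fall through to False here, so they need a separate OLE check."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(data: bytes, known_bad_md5: dict) -> dict:
    """Combines the hash lookup with the macro check so a dormant document is
    flagged before anyone opens it. known_bad_md5 maps MD5 -> family name."""
    h = file_hashes(data)
    return {"md5": h["md5"], "sha256": h["sha256"],
            "has_macros": has_vba_project(data),
            "known_bad": known_bad_md5.get(h["md5"])}


def build_sample_docm(with_macro: bool) -> bytes:
    """Constructed minimal .docm-like container for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Constructed placeholder bytes, not a real VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docm(with_macro=True)
    # Constructed denylist: register the sample's own hash to show a hit.
    denylist = {file_hashes(sample)["md5"]: "constructed-trojan-sample"}
    print(triage(sample, denylist))
```

A real deployment would feed the denylist from a threat-intelligence source and also scan legacy OLE-format documents, which this zip-based check does not cover.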

The Fix: Netsurion’s security analyst promptly alerted the administrator to delete the malicious Microsoft Word document and recommended a thorough scan of the target machine. The law firm’s technical team confirmed that the document was unknown to them and performed a further scan that revealed a secondary infection. The machine was retired and re-imaged.

The Lesson: Attacks are continuous, and defense must be in depth. Merely deploying prevention technology is insufficient; detection through active SIEM monitoring, along with proactive mitigation steps, is a must.


Copyright © 2022 Netsurion. All rights reserved.