Summary
On a monthly basis, NCC Group's Threat Intelligence Team researches and identifies prolific threats in the landscape, from new infostealer malware to widespread campaigns conducted by nation states or Organised Crime Groups (OCGs), and turns them into threat hunts across our SOC customers' infrastructure.
This allows us to apply both behavioural and IoC-driven threat hunting techniques to fuel proactive detection in our customers' environments and subsequently remediate the threat. The IoCs are queried against our EDR, SIEM and Network Monitoring clients. This past month our focus was the exploitation of CVE-2024-3400, a CVSS 10.0 critical vulnerability in the PAN-OS software that runs on Palo Alto Networks firewalls.

The Results
Across all of our services, the hunt produced hits for 22% of our clients, the vast majority of which were triggered by the malicious IP address 66[.]235[.]168[.]222, which Palo Alto Networks themselves have labelled as command and control (C2) infrastructure. Our Network Monitoring services alone saw results for 18% of the client base, for the same IP address, highlighting its prolific use by the threat actor. A network hit on a single C2 address shows contact with that infrastructure rather than confirmed exploitation, so each hit still needs triage before remediation.
MDR and XDR services
The full insights from our Threat Hunt are covered in our Premium Threat Pulse, which is available to Managed Service clients and to those who purchase our Intelligence Subscription Service. Our Threat Hunt capabilities are available through our Managed Services offerings, including MDR, MXDR and XDR SOC services. Get in touch with our teams to give your organisation the reassurance and insights provided by our proactive, intelligence-led security services.
Figure 3: Plotted Graph of findings