all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group

Add to bookmarks
Nov. 20, 2023, 9:06 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Author: Alex Jessop (@ThisIsFineChief)


Summary


Tl;dr


This post will delve into a recent incident response engagement handled by NCC Group’s Cyber Incident Response Team (CIRT) involving the Ransomware-as-a-Service known as NoEscape.


Below provides a summary of findings which are presented in this blog post: 



  • Initial access gained via a publicly disclosed vulnerability in an externally facing server

  • Use of vulnerable drivers to disable security controls

  • Remote Desktop Protocol was used for Lateral Movement

  • Access persisted through tunnelling RDP over SSH …

alex as-a-service author blog caught cirt cyber cyber incident cyber incident response cyber incident response team engagement fantasy findings incident incident response incident response team life malware analysis ncc ncc group noescape ransomware real response service team

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities an hour ago | malware.news
advisory agency bureau cisa +32
Igor’s Tip of the Week #167: Adding and splitting segments 5 hours ago | malware.news
binary case code firmware +8
How To Recognize Macro Encrypted Strings in Malware 5 hours ago | malware.news
malware analysis topic
Apple issues emergency fixes for 2 WebKit 0-days exploited in the wild 8 hours ago | malware.news
apple article browsers bugs +16
PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin 8 hours ago | malware.news
backdoor campaign claims code +21
VMware Patches Critical Authentication Bypass Bug 8 hours ago | malware.news
authentication authentication bypass authentication bypass flaw bug +22
Exploitation of Unitronics programmable logic controllers 8 hours ago | malware.news
article canadian canadian centre for cyber security controllers +9
Make your WhatsApp chats even more private with a secret code. Here's how 9 hours ago | malware.news
article chats code conversation +8
Kimsuky hacking group faces US sanctions 9 hours ago | malware.news
apt43 assets control counter +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Protect Democracy | Remote, US
View on infosec-jobs.com

Cybersecurity Systems Security Engineer II-T

@ ManTech | 809AR - Ft Carson,Colorado Springs,CO
View on infosec-jobs.com

Security Engineer (Supporting NASA at JSC)

@ KBR, Inc. | USA, Houston, 2101 NASA Parkway, Building 21, Texas
View on infosec-jobs.com

Head of Security & IT

@ ORFIUM | Dublin, County Dublin, Ireland
View on infosec-jobs.com

Chief Privacy Officer

@ Nike | Santa Clara,CA
View on infosec-jobs.com

Security Engineer

@ SPINS | Chicago, IL
View on infosec-jobs.com
View more jobs