Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group

Nov. 20, 2023, 9:06 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Author: Alex Jessop (@ThisIsFineChief)

Summary

Tl;dr

This post will delve into a recent incident response engagement handled by NCC Group’s Cyber Incident Response Team (CIRT) involving the Ransomware-as-a-Service known as NoEscape.

Below provides a summary of findings which are presented in this blog post:

Initial access gained via a publicly disclosed vulnerability in an externally facing server

Use of vulnerable drivers to disable security controls

Remote Desktop Protocol was used for Lateral Movement

Access persisted through tunnelling RDP over SSH …

alex as-a-service author blog caught cirt cyber cyber incident cyber incident response cyber incident response team engagement fantasy findings incident incident response incident response team life malware analysis ncc ncc group noescape ransomware real response service team

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Managed Detection and Response in 2023 51 minutes ago | malware.news

analysis and response center collecting +26

Dynamic Link Dazzle: Unveiling the Dark Side of DLLs an hour ago | malware.news

application apt apt groups chinese +20

KapeKa Backdoor: Russian Threat Actor Group’s Recent Attacks an hour ago | malware.news

actor attacks backdoor cyber +16

Why space exploration is important for Earth and its future: Q&A with David Eicher 2 hours ago | malware.news

amp article benefits beyond +18

ISC Stormcast For Tuesday, April 30th, 2024 https://isc.sans.edu/podcastdetail/8960, (Tue, Apr 30th) 6 hours ago | malware.news

topic

Report on the First Scientific Experiment to Test the Impact of Generative AI on Complex, … 7 hours ago | malware.news

boston business consultants consulting +16

2023 Activities Summary of SectorD groups (KOR) 7 hours ago | malware.news

Relaying Kerberos Authentication from DCOM OXID Resolving 8 hours ago | malware.news

access active directory adcs administrator +21

SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1) 9 hours ago | malware.news

app article blog financial +7

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Architect - Identity and Access Management Architect (80-100% | Hybrid option)

@ Swiss Re | Madrid, M, ES

View on infosec-jobs.com

Alternant - Consultant HSE (F-H-X)

@ Bureau Veritas Group | MULHOUSE, Grand Est, FR

View on infosec-jobs.com

Senior Risk/Cyber Security Analyst

@ Baker Hughes | IN-KA-BANGALORE-NEON BUILDING WEST TOWER

View on infosec-jobs.com

Offensive Security Engineer (University Grad)

View on infosec-jobs.com

Senior IAM Security Engineer

@ Norfolk Southern | Atlanta, GA, US, 30308

View on infosec-jobs.com

View more jobs

all InfoSec news

Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group

Summary

Tl;dr

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Jobs in InfoSec / Cybersecurity

SOC 2 Manager, Audit and Certification

Security Architect - Identity and Access Management Architect (80-100% | Hybrid option)

Alternant - Consultant HSE (F-H-X)

Senior Risk/Cyber Security Analyst

Offensive Security Engineer (University Grad)

Senior IAM Security Engineer