Johannesburg, 11 Sep 2024
The threat
NEC XON recently demonstrated its considerable cyber security capabilities by thwarting a potential ransomware attack targeting a major mining group. The incident began when NEC XON's xCTEM (Extended Continuous Threat Exposure Management) platform identified that credentials for a privileged account, capable of accessing remote services such as VPN, were being sold by an Initial Access Broker (IAB).
These credentials were likely to be purchased by ransomware operators known for human-operated ransomware attacks, posing a significant threat to the mining firm's operations.
The response
Upon receiving this intelligence, NEC XON's Managed Detection & Response (MDR) team immediately assessed the overall business risk associated with the compromised account.
The team determined the potential impact if ransomware operators gained access to the mining firm's environment. To mitigate the risk, NEC XON quickly implemented several measures:
- Password change: The password for the compromised privileged account was changed to a more complex passphrase.
- Multi-factor authentication (MFA): MFA was enabled for the account to add an additional layer of security.
- Risk-based controls: Additional controls were applied, including restricting the account to log in only from certain devices and locations.
Two days after NEC XON’s proactive response to limit the identified risk and protect the privileged identity, VPN login attempts were detected from IP addresses linked to the Maze ransomware group, using the privileged identity.
The outcome
These attempts were blocked, preventing any unauthorised access. This incident underscores the importance of NEC XON's proactive measures, which not only detected but also prevented a potentially devastating ransomware attack.
The benefits
The benefits of NEC XON's intervention were multifaceted. The xCTEM platform's early warning capabilities enabled NEC XON to alert the mining firm about the potential threat before the compromised credentials could be exploited.
This proactive approach ensured the security of the firm's systems, preventing data breaches and operational disruptions. Additionally, NEC XON's deployment of advanced AI-driven technologies underscores their commitment to pioneering a more predictive and proactive cyber security strategy, thereby enhancing overall resilience against cyber threats.
"Our extensive knowledge of adversarial tactics, how threat actors operate, and how they form part of the modern digital cyber ecosystem enables us to facilitate proactive response measures to ensure effective incident response outcomes,” says Armand Kruger, Head of Cyber Security, NEC XON
Achieving greater cyber resilience and survivability
NEC XON's proactive cyber security measures not only minimised the risk of disruption to the mining firm's operations but also maximised sustainability. The approach ensures data breaches and cyber threats are addressed swiftly, protecting the business from significant losses.
Share
NEC XON
NEC XON is a leading African integrator of ICT solutions and part of NEC, a Japanese global company. NEC XON has operated in Africa since 1963 and delivers communications, energy, safety, security, and digital solutions. It co-creates social value through innovation to help overcome serious societal challenges. The organisation operates in 54 African countries and has a footprint in 16 of them. Regional headquarters are located in South, East, and West Africa. NEC XON is a level 1-certified broad-based black economic empowerment (B-BBEE) business. Discover more at www.nec.xon.co.za.