
Counterintelligence Team Uncovers Potential Attack On MSP And Takes Quick Action

Counterintelligence Team proactively looks for threats

Binary Defense Intelligence Analysts are always on the lookout for potential threats to customers … but if they happen to run across a threat to a non-customer of Binary Defense, they take action nonetheless. They would tell you it’s “all in a day’s work,” because that’s their job—they aim to stop cybercriminals from carrying out attacks on unsuspecting businesses.

The Counterintelligence (CI) team is unique in that they are proactively looking for threats, rather than reacting to an existing threat. This is a powerful method of learning about the latest types of attacks, and informing customers so they can be prepared.

Part of the work done by the CI team is to scour the Clearnet (the Internet as most people know it) and Darknet for criminal activity. The team, many of whom have prior military or government experience, is able to gain access to criminal forums and pose as cybercriminals themselves to discern what threats are being discussed. When a threat is identified, the CI team takes action to inform the parties involved and attempt to remediate or prevent the threat from being carried out.

Analyst found threat against Managed Services Provider and took action

One of the Intelligence Analysts spotted an anonymous post from a person who claimed to have obtained backdoor access to a Managed Services Provider (MSP) located in the United States. They further claimed that this access could be used to install software (such as ransomware) on all of the MSP’s computers, as well as on the computers of the MSP’s customers.

MSPs have customer bases of all sizes, so this threat carried extra weight. If a cybercriminal gained access to the MSP and its customers, they could successfully paralyze or completely shut down several companies.

Posing as a cybercriminal allows an Intelligence Analyst to gain the trust of others on the forum. The threat actor was offering to sell the MSP access to anyone on the forum for bitcoins. The “undercover” Binary Defense analyst was ultimately able to obtain the name of the MSP from the threat actor.

Once the Counterintelligence Team learned of this criminal activity, they involved law enforcement. Working collaboratively with law enforcement is something the CI team does on a regular basis. This ensures that operations are done in a manner which preserves evidence and is geared to bring justice to the victim. The MSP was informed of the potential breach and was able to take immediate, corrective action to prevent illegal access from a threat actor. Without the diligence and skill of the CI analyst, the results could have been devastating.