printer friendly version

Spoiling a cyberattack on a mining company

Armand Kruger.

NEC XON recently demonstrated its cybersecurity capabilities by thwarting a potential ransomware attack targeting a major mining group. The incident began when NEC XON's xCTEM (Extended Continuous Threat Exposure Management) platform identified that credentials for a privileged account, capable of accessing remote services such as VPN, were being sold by an Initial Access Broker (IAB).

These credentials were likely to be purchased by ransomware operators known for human-operated ransomware attacks, posing a significant threat to the mining firm's operations.

The response

Upon receiving this intelligence, NEC XON's Managed Detection & Response (MDR) team immediately assessed the overall business risk associated with the compromised account. The team determined the potential impact if ransomware operators gained access to the mining firm's environment. To mitigate the risk, NEC XON quickly implemented several measures:

● Password change: The password for the compromised privileged account was changed to a more complex passphrase.

● Multi-factor authentication (MFA): MFA was enabled for the account to add an additional layer of security.

● Risk-based controls: Additional controls were applied, including restricting the account to log in only from certain devices and locations.

Two days after NEC XON’s proactive response to limit the identified risk and protect the privileged identity, VPN login attempts were detected from IP addresses linked to the Maze ransomware group, using the privileged identity.

These attempts were blocked, preventing any unauthorised access. This incident underscores the importance of NEC XON's proactive measures, which not only detected, but also prevented a potentially devastating ransomware attack.

The benefits

The benefits of NEC XON's intervention were multifaceted. The xCTEM platform's early warning capabilities enabled NEC XON to alert the mining firm about the potential threat before the compromised credentials could be exploited. This proactive approach ensured the security of the firm's systems, preventing data breaches and operational disruptions. Additionally, NEC XON's deployment of advanced AI-driven technologies underscores their commitment to pioneering a more predictive and proactive cybersecurity strategy, thereby enhancing overall resilience against cyber threats.

"Our extensive knowledge of adversarial tactics, how threat actors operate, and how they form part of the modern digital cyber ecosystem enables us to facilitate proactive response measures to ensure effective incident response outcomes,” says Armand Kruger, Head of Cyber Security, NEC XON.

NEC XON's proactive cybersecurity measures, not only minimised the risk of disruption to the mining firm's operations, but also maximised sustainability. Their approach ensures that data breaches and cyberthreats are addressed swiftly, protecting the business from significant losses.

Share this article:

Further reading: