This Fortune 500 manufacturer’s environment was infested with computer worms, a type of malware designed to multiply and spread across multiple devices. The worms had wriggled into their environment and were detected by one of their security tools. This meant each and every attack triggered an alert, and these alerts popped up day and night. Alert fatigue quickly set in. Then, the “big incident” happened.
After one of their many acquisitions, this Fortune 500 company became a victim of a ransomware attack on a subsidiary network. However, by that time, they had already found a security ally in Red Canary. When a Red Canary threat hunter spotted irregular activity in their network one morning at 1 a.m., they started investigating right away. In addition to identifying a credential dumping attack, they also found encrypted files on their network—classic signs of a ransomware infection.
“Cybersecurity is not an IT thing, it’s really a human behavior thing.”
CHIEF INFORMATION OFFICER
FORTUNE 500 MANUFACTURER
Red Canary’s threat hunter quickly notified the rest of the team. Banding together, the team at Red Canary began to research this behavior and create detections. Over the weekend, Red Canary also continued to work with the manufacturer’s cybersecurity team, helping prepare them to take the necessary actions to remediate the ransomware attack.
Admittedly, due to alert fatigue and a lack of security expertise, their cybersecurity team wouldn’t have been able to pick out a real threat like this one on their own. Thanks to Red Canary, they became aware of the attack that same day, allowing them to react quickly to secure their environment.