Incident Response Timeline TIME From Detection
to Escalation: 20 MINUTES
Join us for our latest real-world attack example which will walk through an attack on a customer in the construction industry with the attacker leveraging the Microsoft Exchange vulnerabilities that were released in early 2021. We’ll show you step by step how the Arctic Wolf team was able to help this customer both stop the immediate attack as well as build a long term fix for these vulnerabilities.
ATTACKER'S 5-MONTH WINDOW
Microsoft releases out-of-band patch to address multiple critical vulnerabilities within Microsoft Exchange
Microsoft releases security updates for a second set of RCE vulnerabilities within Microsoft Exchange
May - July 2021
These collections of vulnerabilities are dubbed ProxyShell. Bad actors leverage three separate vulnerabilities as part of a single attack to bypass authentication and execute code
August 2nd, 2021
Customer completes onboarding with Arctic Wolf
View Detailed Attack Timeline
with our concierge security team
Although many Managed Detection and Response services would end once the threat was remediated, the
With a complete understanding of your unique IT environment, the Arctic Wolf® Concierge Security® Team (CST) provides your team with coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Arctic Wolf Concierge Security Team is focused on using this attack to improve the security posture of the customer.
Microsoft Exchange Vulnerabilities and Patch Guidance
In the example above, an attacker leveraged the Microsoft Exchange Vulnerabilities released in early 2021 on a customer in the construction industry.
Detailed guidance and links to available patches have been provided by Microsoft here.
Note: Please pay careful attention to the patch instructions as there are known issues when applying the patch manually documented by Microsoft on the page.
Arctic Wolf Helps Customers Manage Vulnerabilities
At Arctic Wolf, we help our customers develop workflows to ensure that critical risks are assigned to the right individuals within the department to identify, prioritize, and patch as quickly as possible. We keep track of known vulnerabilities you have been unable to patch and, with Arctic Wolf® Managed Detection and Response, monitor those systems for IOCs. Our Concierge Security Team works proactively to improve security posture overall within our customer, so that if a major vulnerability does hit the damage is better contained.