Earlier this year, analysts in the AT&T Cybersecurity Managed Threat Detection and Response (MTDR) security operations center (SOC) were alerted to a potential ransomware attack on a large municipal customer. The attack, which was subsequently found to have been carried out by members of the Royal ransomware group, affected several departments and temporarily disrupted critical communications and IT systems.
During the incident, AT&T analysts served as critical first responders, promptly investigating alarms in the USM Anywhere platform and quickly communicating the issue to the customer. They also provided extensive after-hours support at the height of the attack—as the customer shared updates on impacted servers and services, the analysts gave guidance on containment and remediation. They shared all observed indicators of compromise (IOCs) with the customer, some of which included IP addresses and domains that could be blocked quickly by the AT&T Managed Firewall team because the customer was also using AT&T’s managed firewall services.
Just 24 hours after initial communications, analysts had compiled and delivered to the customer a detailed report on the incident findings. The report included recommendations on how to help protect against future ransomware attacks as well as suggested remediation actions the customer should take in the event that legal, compliance, or deeper post-incident forensic review is needed.
Read our case study to learn more about how our analysts helped the customer accelerate their time to respond and contain the damage from the attack, and learn how the AT&T Alien Labs threat intelligence team has used the findings from this incident to help secure all AT&T Cybersecurity managed detection and response customers!
More Stories
Friday Squid Blogging: Squid Game Season Two Teaser
The teaser for Squid Game Season Two dropped. Blog moderation policy. Read More
Clever Social Engineering Attack Using Captchas
This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually...
US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities
In its fourth annual report, the US Cyberspace Solarium Commission highlighted the need to focus on securing critical infrastructure and...
Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable
A new report by Check Point Software highlights a significant increase in cloud security incidents, largely due to a lack...
Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions
The bank giant and Quantinuum trialed the first application of quantum-secure technology for buying and selling tokenized physical gold Read...
This Windows PowerShell Phish Has Scary Potential
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who...