Hijacked Internal Server Identified at $10 Billion Communications Company
Crypto mining can be extremely lucrative. It is also requires an extreme amount of expensive compute resources and electricity, making it fertile ground for hackers to exploit enterprise networks for their own mining efforts. When an internal server at a large, $10 Billion+ global communications company was hijacked and hacked, time was being sold on the dark web. Traditional perimeter based defense mechanisms that rely on historical log data and sophisticated queries by data scientists would mean that identifying this breach would be delayed by many weeks.
Using VASA by RANK Software, the business was able to see activity showing high rates of remote desktop activity from that server going to the outside world using real-time search. This behaviour was identified as anomalous as it deviated from the traditional pattern of people connecting to servers as opposed to the outside. Beyond identifying this severely anomalous activity, VASA’s asset mapping was able to pinpoint where this RDP activity was coming from.
RANK is uniquely able to deliver this solution through: