E-Mail Under Attack

Platform
Security & Compliance Automation Platform

UnderDefense MAXI is the solution to day-to-day cybersecurity problems of IT leaders and teams. It builds your 24/7 business protection together with you on the driver’s seat.

Request a Demo
UnderDefense MAXI Wins Top Solutions Award for Excellence in Cyber Threat Intelligence!
It’s truly award season here at UnderDefense! We are thrilled to announce that we have recently…

Read More
Solutions
24/7 Threat Detection & MAXImum Responsiveness

Our MDR clients have had no ransomware cases for the last 6 years, because we know cybersecurity and we mean it. Get all the threat context in 2 minutes, and reduce your MTTC to 15 minutes with the the most efficient MDR solution that seamlessly scales to your specific needs.

Request a Demo
Calculate your MDR price
Pay only for the services you actually need, with no hidden costs.

Get a Quote Now
I want to
Fully or Co-Managed SOC at your fingertips

Stop breaches & streamline operations. 24/7 threat hunting & compliance. Gain expert insights, offload Tier 1 burden.

Request a Quote
UnderDefense helps industry leader fortify security after Azure AD phishing breach
Our client is at the forefront of the industry, boasting a team of seasoned professionals with…

Read More
Resources
Fully Managed SIEM at your service

Accelerate your SIEM time-to-value. Get a SIEM up and running in 20 minutes with 1000+ new correlation rules for all your use cases.

Request a Quote
Detecting invisible: passwords stealers on MacOS with blind EDR
Learn how to detect stealthy macOS threats that bypass even the most advanced EDR systems…

Watch Now
Company
See deeper into your security than scanners do

All types of pentests performed by award-winning ethical hackers. Get the most comprehensive pentest report and remediation guidelines to strengthen your defenses ASAP.

Request a Quote
UnderDefense is now a Splunk Manage Premier Partner!
It’s time to celebrate! We are excited to share that UnderDefense has been awarded the Manage…

Read More
Contact
The first to respond & remediate. For You.

The most comprehensive Incident Response solution. Incident responding, decrypting, investigating, and remediating–we do it all. While your hands on the wheel.

Request a Quote
Why choose UnderDefense MDR over others
We leverage your existing tools, fight threats 20x faster with automation, and proactively hunt across all environments. Full MDR, remote SOC, or co-managed security.

Learn More

Book a Demo Try Now Free

Go back

All Topics

Aug 17, 2022

Written

by UnderDefense

Why It’s Important

Email is one of the most valuable IT systems where organization share their plans, sensitive documents, chats….and even passwords.

UnderDefense, in cooperation with the Computer Emergency Response Team of Ukraine (CERT-UA) participated in a series of Incident Response cases in H1’2022 and noticed that Russian hackers and Ransomware groups shifted their focus to breaking into E-Mail Systems (primary on Exchange and Zimbra).

In this specific case, CrowdStrike EDR was in place and spotted an initial foothold but missed other critical backdoors and TTPs which were later disarmed by the UnderDefense 24×7 MDR/SOC Team. And the attacker was eventually kicked out of the network.

What You Will Learn

Risks for email system as document exchange and integral part of business workflow
Data theft via business email compromise in a targeted attack scenario
Recent technical vulnerabilities and risks
What data APT groups are hunting for in their targeted attack
Arsenal used in this case
Tools vs PPT
Case Details
BEC incident response playbook
Recommendations and takeaways