E-Mail Under Attack

Why EDR/AV/VA is Insufficient, and MDR is a Must

by UnderDefense

Aug 17, 2022

Max 10min read




Why It’s Important

Email is one of the most valuable IT systems: it is where organizations share their plans, sensitive documents, chats... and even passwords.

UnderDefense, in cooperation with the Computer Emergency Response Team of Ukraine (CERT-UA), participated in a series of Incident Response cases in H1’2022 and noticed that Russian hackers and ransomware groups had shifted their focus to breaking into email systems (primarily Exchange and Zimbra).

In this specific case, CrowdStrike EDR was in place and spotted the initial foothold, but it missed other critical backdoors and TTPs, which were later disarmed by the UnderDefense 24×7 MDR/SOC team. The attacker was eventually kicked out of the network.

What You Will Learn

  1. Risks to the email system as a document exchange and an integral part of business workflow
  2. Data theft via business email compromise (BEC) in a targeted attack scenario
  3. Recent technical vulnerabilities and risks
  4. What data APT groups hunt for in their targeted attacks
  5. The arsenal used in this case
  6. Tools vs PPT
  7. Case details
  8. BEC incident response playbook
  9. Recommendations and takeaways
