Proactive NEC XON cyber security measures thwart major mining firm cyber attack

Cyber security measures successfully thwarted a major ransomware attack targeting a leading mining firm.

---

NEC XON recently demonstrated its considerable cyber security capabilities by thwarting a potential ransomware attack targeting a major mining group. The incident began when NEC XON's xCTEM (Extended Continuous Threat Exposure Management) platform identified that credentials for a privileged account, capable of accessing remote services such as VPN, were being sold by an Initial Access Broker (IAB). 

These credentials were likely to be purchased by ransomware operators known for human-operated ransomware attacks, posing a significant threat to the mining firm's operations.

Upon receiving this intelligence, NEC XON's Managed Detection & Response (MDR) team immediately assessed the overall business risk associated with the compromised account. 

The team determined the potential impact if ransomware operators gained access to the mining firm's environment. To mitigate the risk, NEC XON quickly implemented several measures:

Armand Kruger, Head of Cyber Security at NEC XON.

---

• Password change: The password for the compromised privileged account was changed to a more complex passphrase.
• Multi-factor authentication (MFA): MFA was enabled for the account to add an additional layer of security.
• Risk-based controls: Additional controls were applied, including restricting the account to log in only from certain devices and locations.

Two days after NEC XON’s proactive response to limit the identified risk and protect the privileged identity, VPN login attempts were detected from IP addresses linked to the Maze ransomware group, using the privileged identity.

These attempts were blocked, preventing any unauthorised access. This incident underscores the importance of NEC XON's proactive measures, which not only detected but also prevented a potentially devastating ransomware attack.

The benefits of NEC XON's intervention were multifaceted. The xCTEM platform's early warning capabilities enabled NEC XON to alert the mining firm about the potential threat before the compromised credentials could be exploited. 

This proactive approach ensured the security of the firm's systems, preventing data breaches and operational disruptions. Additionally, NEC XON's deployment of advanced AI-driven technologies underscores their commitment to pioneering a more predictive and proactive cyber security strategy, thereby enhancing overall resilience against cyber threats.

"Our extensive knowledge of adversarial tactics, how threat actors operate, and how they form part of the modern digital cyber ecosystem enables us to facilitate proactive response measures to ensure effective incident response outcomes,” says Armand Kruger, Head of Cyber Security, NEC XON

NEC XON's proactive cyber security measures not only minimised the risk of disruption to the mining firm's operations but also maximised sustainability. The approach ensures data breaches and cyber threats are addressed swiftly, protecting the business from significant losses.