NEC XON disrupts sophisticated cyber attack at top international service provider

NEC XON thwarts human-operated ransomware attack. (Image: NEC XON)

---

Recent global research indicates that “ransomware attacks continued to trend upwards in 2024, rising by 3% compared to 2023, underlining the resilience of this particular cyber threat”. The surge in ransomware activity was despite some major setbacks faced by two of the biggest threat actors. Law enforcement actions in late 2023 and early 2024 targeted two of the most prominent ransomware groups, LockBit and Noberus, leading to a temporary slowdown in attacks during the first quarter. However, this decline was short-lived, as ransomware operations quickly regained momentum, escalating significantly in the latter half of the year.

NEC XON recently showcased its advanced cyber threat detection and response capabilities by successfully thwarting a human-operated ransomware attack targeting a major service provider. The attackers exploited compromised privileged credentials to access a remote service used by the provider for external connectivity. Because this service was exposed to the internet, ransomware operators were able to log in using stolen credentials, setting the stage for a potential large-scale breach.

Once inside the system, the attackers began reconnaissance efforts, gathering intelligence about the organisation's infrastructure and attempting to move laterally to other nodes using the stolen privileged credentials.

NEC XON’s Managed Detection & Response (MDR) team quickly identified the suspicious activity through multiple alerts. Analysing the attack patterns, they determined it was a human-operated ransomware group aiming to encrypt files and extort the provider for decryption keys.

Armand Kruger, Head of Cybersecurity at NEC XON. (Image: NEC XON)

---

“Cyber resilience is the art of managing digital risks – the ability to reduce risk to a level that is manageable and containable,” said Armand Kruger, Head of Cybersecurity at NEC XON. “We implement advanced AI-driven security solutions and mature cyber anticipation, detection and response capabilities to proactively identify cyber threats before they pose a significant risk to our customers' digital environments.”

To mitigate the attack and minimise damage, NEC XON implemented swift countermeasures:

• Device isolation: The compromised internet-exposed machine was immediately taken offline to prevent further lateral movement and blocked from internet access to eliminate any chance of re-entry.
• Identity isolation: The compromised account’s password was rotated to a more complex passphrase, and its privileges were revoked to prevent further exploitation.
• Adaptive risk-based measures: Additional security enhancements were introduced, including multifactor authentication (MFA) enforcement on all internet-facing remote access services, geo-locking and increased automation to detect and block threats at the earliest stage.
• Incident co-ordination and communication: Clear communication channels were established to keep the service provider informed about the attack, the countermeasures implemented and long-term preventive strategies to enhance security.

As a result of this proactive response, NEC XON’s cyber security team has fortified the ISP’s cyber security by continuously monitoring customer environments for vulnerabilities before they can be exploited.