eSentire

As your business scales, so do the threats you're facing. Your team needs a partner that can detect threats in seconds and contain them in minutes. At eSentire, our sole mission is to protect your critical data, technology, and people from cyber threats. We combine: ✅ Total Attack Surface Visibility ✅ XDR Cloud Platform Technology ✅ Proprietary Machine Learning Models ✅ 24/7 Threat Hunting The result? eSentire MDR delivers complete Response to stop threats before they become business-disrupting events. Combat-ready and battle-tested, Team eSentire stands guard so you don't have to. An attack on you is an attack on us. Full stop. Get started now: https://bit.ly/3HAc6c8

The latest TRU Weekly Threat Briefing is now out! 🦉 📰 This week, TRU is discussing: 1️⃣ Qilin Ransomware Steals Credentials Stored in Chrome The Qilin ransomware group now employes the unusual tactic of stealing user credentials from the Chrome browser, prior to ransomware deployment. These credentials may be used in the future for re-entry or to target users’ personal accounts. 2️⃣ Update: National Public Data Confirms Breach National Public Data has released a statement confirming a breach of their records exposing millions of Americans personal data. Due to the scope of this breach, it is advisable for individuals to assume that they are impacted and to proactively safeguard themselves as cybercriminals could exploit their data for nefarious purposes. 3️⃣ Iranian Cyber Campaigns Targeting U.S. Political Entities Iranian state-backed cyber operations pose a significant risk to the integrity of U.S. elections, potentially leading to compromised campaign data, manipulation of public opinion, and long-term damage to democratic institutions and national security. Read the full threat briefing below! ⬇ #threatbriefing #threatintelligence #ransomware #qilin

One of the biggest concerns for many MSP operators is how to resonate with cybersecurity buyers. 🚀 In this article for Channel Futures, Bob Layton, our Chief Channel Officer, shares his tips on how MSPs can reach new buyers while growing relevance to current customers, such as: 1️⃣ Dust off managed security basics 2️⃣ Demonstrate value consistently 3️⃣ Understand the buyer's journey of discovery Successful MSPs are getting back to basics: spending time with customers, showing genuine concern, and building strong partnerships. It's not just about creating demand; it's about sensing it and capturing it effectively. Moreover, Bob also stresses the importance of human emotions in business relationships. Concern, alignment, partnership, and caring are key to attracting new buyers and retaining existing ones. Check out the full article for more insights and get Bob's 5-step framework for messaging and content: https://bit.ly/3Xd3Nhc #MSP #CustomerJourney #ManagedSecurity

If someone had your ChatGPT credentials—what sensitive data could they access? 😬 Recent findings from eSentire TRU reveal that GenAI account credentials for platforms like ChatGPT and Huggingface are being sold on underground markets. Cybercriminals are leveraging stolen credentials to gain unauthorized access and exploit sensitive data. Here's what you need to know: Cybercriminals are selling approximately 400 GenAI credentials daily - often stolen using infostealer malware, which captures everything entered into a browser. Underground Markets like “LLM Paradise” offer stolen GPT-4 and Claude API keys, sometimes for as little as $15. Access to GenAI accounts allows hackers to obtain customer info, financial data, and proprietary business information. TRU Recommendations: 1️⃣ Monitor GenAI Usage: Track prompts and files shared for comprehensive visibility. 2️⃣ Implement Strong Authentication: Use FIDO2 security keys if available, or follow best password practices. 3️⃣ Leverage Dark Web Monitoring: Stay ahead of credential theft by monitoring underground markets. Get the detailed TRU analysis here: https://bit.ly/46NRQSr #CyberSecurity #GenAI #DataProtection #Infostealers #ThreatIntelligence #eSentire #MDR

Have you read the latest TRU Weekly Threat Briefing yet? 🦉 📰 This week, here are the top 3 events that we're discussing: 1️⃣ Ransomware Attackers Introduce New EDR Killer To Their Arsenal The rise in the adoption of EDR solutions has driven attackers to develop and deploy specialized tools like EDRKillShifter. Attackers are motivated by the need to bypass these advanced tools to ensure the successful execution of their malicious payloads. 2️⃣ Microsoft Patch Tuesday August 13th marked Microsoft’s monthly Patch Tuesday release. This month, Microsoft highlighted six zero-day vulnerabilities confirmed to be actively exploited by threat actors. Organizations are strongly recommended to review the full Microsoft release and apply all relevant security patches. 3️⃣ Hackers Leak 2.7 Billion Data Records The leak from National Public Data highlights the importance of cyber security when handling high amounts of sensitive data. As the records contain personal information, including social security numbers, it is highly likely the data will be utilized to conduct identity theft. Read more below! ⬇ #threatbriefing #threatintelligence #ransomware

We’re giving our customers the edge against adversaries by partnering with the Joint Cyber Defense Collaborative (JCDC)! JCDC is a public-private initiative led by the Cybersecurity and Infrastructure Security Agency (CISA) aimed at bolstering global cybersecurity resilience. Our involvement with JCDC means access to cutting-edge intelligence on vulnerabilities and adversary tactics, which will further empower our threat sweeps and real-time investigations across the eSentire XDR Cloud Platform. After building 520+ new detectors last year, TRU remains relentless in outmaneuvering cyber adversaries. Now with the JCDC, we’re enhancing our ability to anticipate and neutralize emerging threats. 🔗 Learn more about JCDC and TRU’s impact: https://bit.ly/4dP8L9r #CyberSecurity #JCDC #ThreatIntelligence #eSentire #CyberDefense #MITREATTACK

Our Threat Response Unit (TRU) has discovered a sophisticated malware campaign targeting the government sector - deploying XWorm, VenomRAT, PureLogs Stealer, and AsyncRAT 🏛️ 💀 Key findings from our TRU: - The attack utilized a WebDAV server on TryCloudflare for hosting and dispersing malicious files, initiated via a phishing email. - Attackers employed advanced techniques like obfuscated batch and encrypted Python files to execute malicious operations. As always phishing remains a primary and effective attack vector and ongoing vigilance and advanced email filtering are crucial. Recommendations from TRU: - Strengthen security protocols surrounding file management systems. - Educate team members on the latest phishing tactics and preventive strategies. - Implement robust, kernel-level monitoring security solutions to detect and counteract syscall-level attacks. 🔗 Check out the latest TRU Positive for actionable insights and expert recommendations: https://bit.ly/4dwI8qe #Cybersecurity #eSentire #ThreatDetection #ManagedDetectionResponse #InfoSec

📃 Breach protection warranties in MDR contracts provide financial safeguards. But are they giving you the coverage you expect? Cyber insurance doesn't reduce the risk of a breach. This is where MDR breach protection warranties step in, offering additional layers of security. But with conditions and limitations, how effective are they really? Before locking in your MDR provider, make sure you ask: - What are the qualifications for warranty coverage? - Have others successfully claimed the full warranty? - Are there regional or device restrictions? - Is coverage terminated after the first claim? Knowing these answers ensures your warranty aligns with your risk management strategy. Learn how to navigate MDR warranties effectively: https://bit.ly/3X8EXit

Stepping into a new security leadership role? Here's how to excel from day one... 🚀 Defending against relentless threats while driving business growth—under tight budgets and resource constraints—is no small feat. You’re juggling technical demands with strategic foresight, all while guiding your team to success. So, what’s the secret to thriving in this high-stakes role? A proven security program that fuses resilience with growth. It’s not just about having the right technologies in place. It’s about crafting a holistic framework tailored to your organization’s unique needs, one that prioritizes resilience, agility, and business alignment. In this ebook, discover how to: 🔹 Build a strategy that seamlessly integrates people, processes, and technology. 🔹 Shift your focus from risk reduction to robust cyber resilience. 🔹 Create a roadmap that tackles immediate vulnerabilities and drives long-term success. 🔹 Decide when to build in-house capabilities vs. partnering with an MDR provider for 24/7 protection. Get the ebook and start building a security program that strengthens your business: https://bit.ly/3X4KBCo #CyberSecurity #MDR #CyberResilience #CISO #SecurityLeadership #ThreatDetection

This week's TRU Weekly Threat Briefing is officially out! 🦉 📰 In this edition, we're addressing: 1️⃣ PureHVNC Deployed via Python Multi-stage Loader Both eSentire and Fortinet have observed an email-based campaign delivering a multi-stage loader, leading to the deployment of a variety of malware. Organizations must be aware of sophisticated social engineering threats, implementing both human and technical controls. 2️⃣ #StopRansomware: BlackSuit (Royal) Ransomware Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the BlackSuit ransomware is a rebranding of the Royal ransomware group. BlackSuit is highly active, targeting a variety of industries around the globe, with ransom demands ranging from $1 million to $10 million USD. 3️⃣ How Malicious Actors Are Leveraging Cloud Service Many modern organizations utilize legitimate cloud platforms in day-to-day operations. Threat actors can leverage this to blend malicious activity within common operations, hosting command- and-control or exfiltration infrastructure. Read the full threat briefing below! ⬇ #threatintelligence #threathunting #blacksuit