
Ransomware is the Tip of the Iceberg—Can Open XDR / XDR avoid you becoming the Titanic?

Ransomware attacks are occurring at a staggering and still-increasing pace, and the tactics for deploying them are evolving just as quickly. Ransomware-as-a-service operators on the dark web are using machine learning to generate previously unseen (zero-day) strains, and traditional, signature-driven security technologies are struggling to keep up. What if the ransomware attack was only a diversion from the attacker's real goal?

Most attackers establish a foothold in an environment and do a significant amount of reconnaissance before making their move. They can be present in your environment for weeks or months before they deploy ransomware; annual threat reports from vendors and incident-response firms have corroborated this dwell time for the last several years. What if the goal was not the ransom, but your intellectual property?

One of our MSSP partners was working with a new customer on an incident response (IR) engagement; the customer had not yet purchased any managed services from the partner. During the IR it was discovered that, while the customer was dealing with the ransomware attack, their SQL database had been dumped to a file and exfiltrated through a DNS tunnel. The attackers had also created several accounts in the customer's systems to maintain persistence.

This was a classic multi-stage ransomware attack. It is imperative that MSP and MSSP partners can connect the weak signals coming from every security technology they support, so they can see the early warning signs and recognize when other events are connected to the ransomware. That is extremely difficult for a SOC team consumed by thousands of alerts per day. Incident management tools exist, but they require an analyst to find every artifact and add it to the incident manually.

Open XDR can help partners protect their customers proactively by detecting attackers in the reconnaissance stage of the XDR kill chain. Stellar Cyber is the first SOC security company to deploy a specialized form of machine learning, Graph ML, that automatically correlates these signals and alerts into incidents; the incidents are then scored and ranked by severity. This significantly reduces mean time to detect (MTTD) and the administrative overhead for the SOC.
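To make the "connect the weak signals" idea concrete, here is an added example (not Stellar Cyber's code, and not Graph ML; it is a plain rule-based correlator) that walks through the IR scenario above. It flags a host that sends many distinct, long, high-entropy DNS labels under one registered domain (the shape of a DNS tunnel), picks up account-creation events from an authentication log, joins the two per host, and emits incidents scored and ranked by severity. The log format, the hostnames, the `key=value` fields, the thresholds and the severity weights are all assumptions, and every log line is constructed for the example.

```python
"""Correlate two weak signals (DNS-tunnel shape + new account) into ranked
incidents.  Added illustration; log format, thresholds and weights are
assumptions, and all sample log lines below are constructed."""
import math
import re
from collections import defaultdict

KV_RE = re.compile(r"(\w+)=(\S+)")  # assumed 'key=value' log format


def shannon_entropy(s: str) -> float:
    """Bits per character: random-looking labels score high, words score low."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_kv(line: str) -> dict:
    """Turn one constructed 'k=v k=v' log line into a dict."""
    return dict(KV_RE.findall(line))


def dns_tunnel_signals(dns_lines, min_label=20, min_entropy=3.0, min_distinct=5):
    """Return {host: {base_domain}} for hosts that send >= min_distinct different
    long, high-entropy leftmost labels under one registered domain.
    A CDN hostname with a single hashed label is not enough to trigger this."""
    seen = defaultdict(set)  # (host, base_domain) -> distinct suspicious labels
    for line in dns_lines:
        kv = parse_kv(line)
        labels = kv["qname"].split(".")
        if len(labels) < 3:
            continue
        first, base = labels[0], ".".join(labels[-2:])  # assumption: 2-label base
        if len(first) >= min_label and shannon_entropy(first) >= min_entropy:
            seen[(kv["host"], base)].add(first)
    hits = defaultdict(set)
    for (host, base), labels in seen.items():
        if len(labels) >= min_distinct:
            hits[host].add(base)
    return hits


def account_creation_signals(auth_lines):
    """Return {host: {new_user}} from 'event=user_created' lines."""
    hits = defaultdict(set)
    for line in auth_lines:
        kv = parse_kv(line)
        if kv.get("event") == "user_created":
            hits[kv["host"]].add(kv["user"])
    return hits


WEIGHTS = {"dns_tunnel": 60, "user_created": 25}  # assumed per-signal severities


def correlate(dns_lines, auth_lines):
    """Join the per-host signals into incidents, highest score first."""
    per_host = defaultdict(dict)
    for host, bases in dns_tunnel_signals(dns_lines).items():
        per_host[host]["dns_tunnel"] = sorted(bases)
    for host, users in account_creation_signals(auth_lines).items():
        per_host[host]["user_created"] = sorted(users)
    incidents = []
    for host, signals in per_host.items():
        score = min(100, sum(WEIGHTS[s] for s in signals))
        incidents.append({"host": host, "score": score, "signals": signals})
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


# Constructed sample data: db01 tunnels data out and gets a new account,
# web02 only talks to a hashed CDN hostname, app03 only gets a new account.
TUNNEL_LABELS = [
    "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6", "q7w8e9r0t1y2u3i4o5p6a7s8d9f0g1h2",
    "z9x8c7v6b5n4m3l2k1j0h9g8f7d6s5a4", "m4n3b2v1c0x9z8l7k6j5h4g3f2d1s0a9",
    "p0o9i8u7y6t5r4e3w2q1a0s9d8f7g6h5", "k2l3j4h5g6f7d8s9a0q1w2e3r4t5y6u7",
]
DNS_LOG = [f"t=1 host=db01 qname={l}.dn.example.net" for l in TUNNEL_LABELS] + [
    "t=2 host=db01 qname=www.microsoft.com",
    "t=3 host=ws07 qname=mail.google.com",
    "t=4 host=ws07 qname=cdn.jsdelivr.net",
    "t=5 host=web02 qname=d1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6.assets.example.com",
    "t=6 host=web02 qname=d1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6.assets.example.com",
]
AUTH_LOG = [
    "t=7 host=db01 event=user_created user=svc_backup2 by=Administrator",
    "t=8 host=app03 event=user_created user=helpdesk_tmp by=Administrator",
    "t=9 host=web02 event=logon user=alice",
]

if __name__ == "__main__":
    for inc in correlate(DNS_LOG, AUTH_LOG):
        print(f"{inc['host']:6} score={inc['score']:3} signals={inc['signals']}")
```

Run as-is, db01 ranks first because both signals land on the same host; app03 is reported but ranks lower with only an account creation, and web02's repeated hashed CDN label never reaches the distinct-label threshold, which is the guard that keeps content-delivery hostnames from looking like a tunnel. In production the entropy and count thresholds need tuning against your own DNS baseline, and the base-domain split should use the public suffix list rather than the last two labels.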

As you are evaluating