
Written by the SCILabs Team
The story…
It appeared that it would be a quiet Friday for our Incident Response Team; it was almost the end of the day, time to rest, when suddenly the phone rang… “We need your help; a key customer is having an incident.”
From then on, and during the following hours, we dedicated ourselves to researching and obtaining any relevant data; then the frustration arrived. We could not find information in our internal sources or OSINT. Still, among the obfuscated artifacts, there was a suspicious IP address that fortunately had a single hit in the CTA’s Magellan platform. It was the help that we needed, because from there we knew that we were not alone; elsewhere, thousands of miles away, someone had also seen something suspicious about it.
Through the CTA, we established contact with the great researcher who uploaded it, who provided us with new details about that IP address. That was enough to improve the hunting, which led to identifying more infected computers in the client’s network. This invaluable action allowed us to continue making progress during the handling of the incident and eradicate the threat faster.
The value…
In situations such as this, we discover the power of information exchange and the importance of collaborating globally with leading cybersecurity companies. It is also a fact that the information obtained through the Magellan platform is invaluable. We realize that our research efforts not only serve to make our customers more secure but also help other members of the CTA in combating cybercrime, in the same way that their research helps us daily.
The secret…
Threat intelligence, backed up by robust technology, is the key to increasing cyber-attack response capabilities and enhancing the operational capabilities of all CTA members. It allows us to know the most active threats, the most prevalent types of attacks, and the most unusual modus operandi worldwide. Real collaboration and amazing people are what you will find inside the CTA.
The ending…
We can say with certainty that for Scitum, collaboration is synonymous with growth; it is to evolve together. At SCILabs (Scitum Cyber Intelligence Laboratories), we acknowledge that working together is the door that leads to success.