This is some text inside of a div block.
Glitch effect

All in a Day’s Work: Fighting Log4Shell with Huntress Managed EDR

By

Download Your

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Glitch effectGlitch effectGlitch effectGlitch effectGlitch effect

All in a Day’s Work: Fighting Log4Shell with Huntress Managed EDR

|
Contributors:
Glitch effectGlitch effectGlitch effect
Share
Glitch banner

Nothing says happy Friday afternoon quite like finding a Cobalt Strike implant in your network.

Such was the case for our partners at Blue Tree Technology, a Missouri-based managed service provider (MSP). Our ThreatOps team received a Windows Defender alert for Blue Tree’s environment—and just a few minutes later, a similar alert popped up for a different partner organization.

The commonality? Hackers were exploiting Log4Shell vulnerabilities to target VMware Horizon servers.

With this observable pattern at play, our ThreatOps team jumped into action.

Gathering Data with Huntress Managed EDR

The team leaned on Huntress Managed Endpoint Detection and Response (EDR) to dig into what was happening. This feature gave our team near-real-time insights in terms of what was happening across our partners’ endpoints. 

Within minutes, Huntress Managed EDR unveiled which of our partners were being targeted with malicious executable commands, which allowed our team to send out incident reports to impacted partners with information on how to mitigate the threats.

BlueTreeTech_Quote1_2

Blue Tree Technology was one of those impacted partners, as one of their machines hosted by IntelliData Solutions had been hit by hackers. Alarmingly, IntelliData Solutions had already patched their VMware Horizon servers, yet threat actors were still able to bypass those precautions and work their way into Blue Tree Technology’s machine. 

Alerting Our Partners

Our ThreatOps team was able to connect with the relevant team members at Blue Tree Technology and IntelliData Solutions to provide remediation steps to get them back up and running.

Although this situation posed a real threat, traditional cybersecurity tools are notorious for raising red flags when they simply aren’t warranted. This is where the Huntress ThreatOps team is invaluable. The team analyzes logs, data and alerts to verify threats before sending incident reports to our partners. That way, our partners can focus on what actually matters and spend more time on other priorities. 

BlueTreeTech_Quote2_2

Together with the Blue Tree Technology and IntelliData Solutions teams, we were able to squash this threat by the end of the day—no weekend disruptions needed.

You can watch our interview with Blue Tree Technology and IntelliData Solutions below, or read their full story.

We love a good story with a happy (week)ending.

Blurry glitch effect

Sign Up for Blog Updates

Subscribe today and you’ll be the first to know when new content hits the blog.

Huntress at work