Rachel Bishop 06.28.2022 2 min read

All in a Day’s Work: Fighting Log4Shell with Process Insights

Nothing says happy Friday afternoon quite like finding a Cobalt Strike implant in your network.

Such was the case for our partners at Blue Tree Technology, a Missouri-based managed service provider (MSP). Our ThreatOps team received a Windows Defender alert for Blue Tree’s environment—and just a few minutes later, a similar alert popped up for a different partner organization.

The commonality? Hackers were exploiting Log4Shell vulnerabilities to target VMware Horizon servers.

With this observable pattern at play, our ThreatOps team jumped into action.

Gathering Data with Process Insights

The team leaned on our Process Insights capability to dig into what was happening. This feature gave our team near-real-time visibility into the processes running across our partners’ endpoints.

Within minutes, Process Insights unveiled which of our partners were being targeted with malicious executable commands, which allowed our team to send out incident reports to impacted partners with information on how to mitigate the threats.


Blue Tree Technology was one of those impacted partners, as one of their machines hosted by IntelliData Solutions had been hit by hackers. Alarmingly, IntelliData Solutions had already patched their VMware Horizon servers, yet threat actors were still able to bypass those precautions and work their way into Blue Tree Technology’s machine. 

Alerting Our Partners

Our ThreatOps team was able to connect with the relevant team members at Blue Tree Technology and IntelliData Solutions to provide remediation steps to get them back up and running.

Although this situation posed a real threat, traditional cybersecurity tools are notorious for raising red flags when they simply aren’t warranted. This is where the Huntress ThreatOps team is invaluable. The team analyzes logs, data and alerts to verify threats before sending incident reports to our partners. That way, our partners can focus on what actually matters and spend more time on other priorities. 


Together with the Blue Tree Technology and IntelliData Solutions teams, we were able to squash this threat by the end of the day—no weekend disruptions needed.

You can watch our interview with Blue Tree Technology and IntelliData Solutions below, or read their full story.

We love a good story with a happy (week)ending.


Rachel Bishop

Coffee Consumer. Cybersecurity Enthusiast. Content Strategist at Huntress.