Recently we moved to Huntress as our Cyber Security provider as they provide 24/7 high level monitoring, and already we have seen clients that could have potentially been hacked, been stopped in their tracks with Huntress. You can read more about this shift and the reasons why in our previous article here.

    In this article, we are sharing the report that we receive on a monthly basis that shows the overall analysis for all of our customers. This month alone, Huntress analyzed 397,588 changes to the computer systems on our network in order to detect malicious activity.

    • Cyber Threat Hunters reviewed 331 potential threat indicators that were previously unknown or suspicious.
    • In-depth investigations were conducted as needed and 2 cyber incident reports were created and responded to by the security team.

    This defense strategy continues to reduce your cyberattack risk, maximize your security, and minimize downtime and damage to your business.

    The below visual shows how much monitoring is going on behind the scenes.

    Persistent Footholds

    What is a persistent foothold you may well ask? Persistent Footholds are mechanisms attackers use to gain long-term access to a network by exploiting common auto-starting applications (autoruns), such as Skype or Google Updater. By abusing and masquerading as legitimate system components, attackers can slip by other security tools, remaining undetected while planning their next move

    During this report’s timeframe, our cybersecurity platform analyzed 397,588 changes to the systems in order to uncover persistent footholds that, if not remediated quickly, become malicious threats to your businesses.

    Cyber Threat Hunters manually reviewed 84 autoruns that were previously unknown or suspicious. As a result, your security team identified no persistent footholds on your computer systems.

    What this means is that you can rest assured that there is a LOT of work going on behind the scenes to ensure that these malicious attackers don’t get in to your system.

    Ransomware Canaries

    Like the old canary in the coal mine, Ransomware Canaries enable faster and earlier detection of potential ransomware incidents. When deployed, small lightweight files are placed on all protected endpoints—and if those files are modified or changed in any way, an investigation is conducted.

    During this timeframe, our security team monitored 8,328 deployed canaries on Windows endpoints, which acted as early warning signals for ransomware on your network.

    Ransomware in the News

    Huntress observed an increase in incidents linked to a relatively obscure ransomware family, referred to as “Akira” based on the file extension appended to locked files. Akira operations work on a double-extortion principle, exfiltrating data (often using commercial or legitimate software tools) while also locking files. The entity maintains a leak site for posting harvested information if ransom is not paid. At this time, Huntress has not observed any particularly unique or interesting behaviors associated with this entity. But, as confirmed with discussions among industry partners, the group appears to be increasingly active since the start of 2023, and represents the continued proliferation of disruptive ransomware actors targeting small business and similar targets.

    In Summary

    This article aims to give you a brief insight in to the high level of Cyber Security that is being conducted on a 24/7 basis behind the scenes for our clients. Cyber Security continues to be a key focus for Ultra IT and for our clients, and whilst no Cyber Security can ever guarantee 100% protection, this is certainly an intensive security system.

    For any concerns or to discuss your specific security concerns with our friendly Ultra Team, please feel free to reach out to us here.