CVE-2024-3400: Zero-Day Remote Code Execution Vulnerability Exploited to Attack PAN-OS
by George Glass
Kroll’s Digital Risk Protection services provide a holistic understanding of what information is available about your organization in all corners of the internet. This can range from monitoring brand reputation to assessing the extent of leaked data from a past incident. Powered by key partnerships and elite threat intelligence analysts, Kroll’s cyber threat intelligence team leverages frontline expertise to monitor the surface, deep and dark web for deeper insight into any exposure.
As the world’s #1 incident response provider, we deliver frontline-informed dark web monitoring, brand monitoring and domain protection, and threat monitoring for social media, chat platforms and repositories. Drawing on experience in the U.S. Secret Service, the FBI, Fortune 100 and the National Cyber Forensic Training Alliance (NCFTA), Kroll’s analysts manage and minimize your organization’s exposure to risk in an increasingly complex threat landscape.
The continually evolving attack surface demands constant vigilance. Attack surface management or external attack surface management (EASM) enables organizations to monitor for and manage these types of threats more easily and effectively. Kroll’s digital risk protection service enables you to gain comprehensive insight into your external attack surface and continuously reduce your exposure across the surface, deep and dark web.
Account takeover is one of the most common ways in which threat actors gain access to accounts, typically by using previously compromised or stolen credentials sold on the dark web to automate login attempts. By monitoring comprehensively for compromised credentials, digital risk protection minimizes the risks created by account takeover.
Our threat intelligence analysts use a combination of automated and manual data collection methods to monitor for any exposures across surface, deep and dark web sources, including ransomware shaming sites, criminal marketplaces, private forums, closed and private bin/paste sites and Tor chat platforms.
Our analysts then filter out false positives and duplicates and deliver alerts via our client portal, Redscan. These alerts provide an early warning of targeted malicious activity that could be indicative of an impending, targeted attack campaign on your organization.
Kroll's threat intelligence analysts hunt for activity matching selected keywords that appear on the deep and dark web and on other areas of the internet where malicious activity is most likely to take place.
Our experts review activity, mentions, chatter and data listings and deliver alerts for any type of activity that could potentially pose a risk.
Apart from monitoring for general security purposes, covering keywords such as company name, subsidiaries, domains and executive names, Kroll’s analysts also check for activity related to a specific security incident.
This includes terms related to the incident, specific data contained in exposed or exfiltrated documents, such as customer names and employee names, and in some cases, indicators of compromise (IOCs).
Where we look:
Through expert threat hunting, detection and takedown, Kroll's experts will help secure and preserve your organization's brand reputation. Our analysts alert you to potential attacks on your owned sites and identify spoofed sites that use typosquatting or other copycat techniques, helping to protect clients from phishing and malware scams.
Once a malicious site is identified, Kroll provides a complete managed remediation and takedown service.
Key features include:
Kroll’s intelligence analysts monitor common social media and chat platforms, including encrypted platforms, for suspicious activity or chatter relating to your organization, as well as check existing repositories for any hidden keys or suspicious activity. We merge market-leading social media monitoring technology with unrivaled threat intelligence expertise to scan popular social media and other surface web platforms—ensuring thorough oversight of potential cyber and reputational threats. We can complete a one-off review or provide ongoing monitoring for real-time threat alerts.
Threat | Solution | Outcome |
---|---|---|
Kroll’s Dark Web Monitoring service identified a post on a forum located on the Tor network containing over 1,500 credit card numbers, along with all the information needed to compromise the cards and use them for fraudulent purposes. The forum where this data was detected is known for harboring sensitive data and attracting users who may use it for malicious purposes. Approximately 250 of these cards were issued to consumers by one of Kroll’s clients in the financial services industry. | Because this client had our 24/7 Dark Web Monitoring service, the disclosure of this sensitive customer data was quickly reported to our client as a threat. Kroll was able to identify the source (forum names and usernames of the users who appeared to post the data), which was included in the incident report. | The client was able to quickly identify its affected customers and take action on the issued credit cards, thus minimizing the possibility of fraudulent transactions on these cards. This in turn helped bolster customer satisfaction and preserve the relationship, producing a competitive edge in a crowded sector of credit card providers. The client was also able to manage its ongoing risk by being aware of these forums and potentially nefarious actors on the deep web and file sharing networks. |
Customers who choose to bundle our Responder MDR service with our Digital Risk Protection services see added benefits:
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.
World-renowned cyber investigators and leading technology fuel Kroll’s managed security services, augmenting security operations centres and incident response capabilities.
Intelligent Endpoint detection and response: Maximum confidence in data security
Detect and shut down threats faster with Managed Security Information and Event Management (SIEM) management from Kroll. Gain true insight into threats with real-time threat monitoring for visibility of security events throughout your organization’s network.