
Intelligence

Background

Who’s talking about your business? Who wants to hurt you? What information do they have?


Mjolnir Threat Intelligence (MTI) provides organizations with the awareness needed to identify and respond to cybersecurity threats before they become victims. MTI leverages an extensive sensor and analytics network that searches the web, darknet and Tor, compiles and analyzes data in real time, and generates customized reporting to meet the needs and specifications of any client request. MTI empowers organizations to understand, monitor and control the threat landscape, and enables them to proactively identify, predict and prevent attacks before they happen. The data captured by MTI also makes incident diagnosis in the post-attack phase more effective and efficient.


The unique knowledge generated by the MTI solution strengthens not only the security of the business itself but also its relationships with clients and staff, by protecting their end users. Based on the needs of the organization, Mjolnir will generate custom botnet and targeted-malware reports based on YARA rules, phishing reports, or real-time data feeds in STIX/TAXII format that can be seamlessly integrated into existing SIEM tools.


Mjolnir Threat Intelligence (MTI) can be used across sectors and for specific use cases, and has unique applications for legal, finance and public-sector organizations. All data is run through our proprietary Mjolnir Threat Analytics Console (MTAC).

MTAC Malware Tracker

MTAC Malware Tracker tracks popular malware campaigns around the world and maps them against the MITRE ATT&CK framework.

Dealing with Mergers & Acquisitions?

MTI has been customized for organizations supporting M&A activities: it focuses on a specific acquisition target (or targets) and attempts to identify potential risks that could affect the negotiated price or the projected costs of an acquisition. The M&A service can also compare the acquisition target against a set of similar companies to develop comparisons and contrasts relating to economic and business risk scenarios.


Incident Validation and Prioritization

When SOC Level 1 analysts escalate incidents to the IR team, the incident responder must prioritize those incidents and decide which ones merit detailed investigation. Cyber threat intelligence can help them identify which incidents are most likely to be connected with attacks that target their organization, and assess which attacks have the highest potential for negative impact on the business.
MTI can speed up the process by providing threat data that links the indicators of the attack to context such as likely threat actors, their motivations (financial, competitive, and ideological), their targets, and the impact of their previous attacks.


Incident analysis

Incident responders need to pivot from initial incidents to determine if the attacks are still in progress, to pinpoint changes made to systems and applications, and to identify possible damage in terms of stolen data and disrupted operations. MTI helps them answer questions (who, what, why, when and how) to develop a complete picture of attacks.
MTI enables the IR team to connect alerts and indicators with related events and artifacts. For example, if a malware sample is detected, is there an IP address it is known to contact? Threat intelligence might show that malware indeed contacts an IP address that is used as a command and control server by a cybercriminal organization.

Incident responders can then check network logs to find other corporate systems that have communicated with this server and are likely to be compromised.
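The two workflows above (prioritizing escalated incidents by threat context, and pivoting from a known command-and-control indicator to other hosts in the network logs) as one added example. This is illustration code written for this page, not Mjolnir's or MTAC's; the feed layout, the log format and every address, actor and score in it are constructed placeholders.

```python
"""Pivot from threat-intel indicators to affected hosts, then rank by context."""
import re
from collections import defaultdict

# Constructed intel feed: indicator -> context (all values are invented placeholders)
INTEL = {
    "203.0.113.45": {"type": "c2", "family": "ExampleStealer",
                     "actor": "PLACEHOLDER-CRIME-GROUP", "motivation": "financial", "severity": 9},
    "198.51.100.7": {"type": "scanner", "family": None,
                     "actor": None, "motivation": None, "severity": 3},
}

# Constructed firewall log lines: timestamp src dst dport action
LOGS = """\
2020-03-27T10:01:02Z 10.0.0.12 203.0.113.45 443 ALLOW
2020-03-27T10:02:15Z 10.0.0.12 93.184.216.34 443 ALLOW
2020-03-27T10:05:44Z 10.0.0.31 203.0.113.45 443 ALLOW
2020-03-27T11:00:00Z 10.0.0.50 198.51.100.7 22 DENY
2020-03-27T11:30:10Z 10.0.0.77 203.0.113.45 8443 ALLOW
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<dport>\d+) (?P<action>\w+)$")


def parse_logs(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def pivot(records, intel):
    """Map each matched indicator to the sorted internal hosts that contacted it.
    A DENY still counts: the host attempted to reach the indicator, so it is suspect."""
    hits = defaultdict(set)
    for rec in records:
        if rec["dst"] in intel:
            hits[rec["dst"]].add(rec["src"])
    return {ioc: sorted(hosts) for ioc, hosts in hits.items()}


def prioritize(hits, intel):
    """Rank indicators by severity x affected-host count, carrying actor context along."""
    ranked = [{"indicator": ioc, "hosts": hosts, "score": intel[ioc]["severity"] * len(hosts),
               "actor": intel[ioc]["actor"], "motivation": intel[ioc]["motivation"]}
              for ioc, hosts in hits.items()]
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in prioritize(pivot(parse_logs(LOGS), INTEL), INTEL):
        print(row)
```

Feeding real logs means swapping `LINE_RE` for the firewall or proxy format in use and loading `INTEL` from the STIX/TAXII feed; the pivot and ranking logic stay the same.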