NEC XON Disrupts Sophisticated Cyber-Attack at Top International Service Provider

NEC XON thwarts human-operated ransomware attack

The Attack
Recent global research [security.com] indicates that “Ransomware attacks continued to trend upwards in 2024, rising by 3% compared to 2023, underlining the resilience of this particular cyber threat. ”The surge in ransomware activity was despite some major setbacks faced by two of the biggest threat actors. Law enforcement actions in late 2023 and early 2024 targeted two of the most prominent ransomware groups, LockBit and Noberus, leading to a temporary slowdown in attacks during the first quarter. However, this decline was short-lived, as ransomware operations quickly regained momentum, escalating significantly in the latter half of the year.

NEC XON recently showcased its advanced cyber threat detection and response capabilities by successfully thwarting a human-operated ransomware attack targeting a major service provider. The attackers exploited compromised privileged credentials to access a remote service used by the provider for external connectivity. Because this service was exposed to the internet, ransomware operators were able to log in using stolen credentials, setting the stage for a potential large-scale breach.
Once inside the system, the attackers began reconnaissance efforts, gathering intelligence about the organisations' infrastructure and attempting to move laterally to other nodes using the stolen privileged credentials.

The response
NEC XON’s Managed Detection & Response (MDR) team quickly identified the suspicious activity through multiple alerts. Analysing the attack patterns, they determined it was a human-operated ransomware group aiming to encrypt files and extort the provider for decryption keys.
“Cyber resilience is the art of managing digital risks—the ability to reduce risk to a level that is manageable and containable,” said Armand Kruger, Head of Cybersecurity at NEC XON. “We implement advanced AI-driven security solutions and mature cyber anticipation, detection, and response capabilities to proactively identify cyber threats before they pose a significant risk to our customers' digital environments.”
To mitigate the attack and minimise damage, NEC XON implemented swift countermeasures:

• Device Isolation: The compromised internet-exposed machine was immediately taken offline to prevent further lateral movement and blocked from internet access to eliminate any chance of re-entry.
• Identity Isolation: The compromised account’s password was rotated to a more complex passphrase, and its privileges were revoked to prevent further exploitation.
• Adaptive Risk-Based Measures: Additional security enhancements were introduced, including multi-factor authentication (MFA) enforcement on all internet-facing remote access services, geo-locking, and increased automation to detect and block threats at the earliest stage.
• Incident Coordination & Communication: Clear communication channels were established to keep the service provider informed about the attack, the countermeasures implemented, and long-term preventive strategies to enhance security.

The outcomes
As a result of this proactive response, NEC XON’s cybersecurity team has fortified the ISP’s cybersecurity by continuously monitoring customer environments for vulnerabilities before they can be exploited.

Armand Kruger, Head of Cybersecurity at NEC XON

About NEC XON
NEC XON is a leading African integrator of ICT solutions and part of NEC, a Japanese global company. The holding company has operated in Africa since 1963 and delivers communications, energy, safety, security, and digital solutions. It co-creates social value through innovation to help overcome serious societal challenges. The organisation operates in 54 African countries and has a footprint in 16 of them. Regional headquarters are located in South, East, and West Africa. NEC XON is a level 1-certified broad-based black economic empowerment (B-BBEE) business. Discover more at www.nec.xon.co.za.
 
Issued by: Michelle Oelschig, Scarlet Letter 
Contact details: 083-636-1766, [email protected] ​