👁️🗨️ STORIES FROM THE SOC 👁️🗨️

Earlier this week, the SpearTip Security Operations Center (SOC) identified an emerging threat using fasthttp, a high-performance HTTP server and client library for the Go programming language. It is suspected that the fasthttp framework is being used to gain unauthorised access to cloud email accounts via brute-force login attempts and spamming multi-factor authentication (MFA) requests. SpearTip analysed data from a large set of Microsoft 365 tenants and could establish that fasthttp was first detected as a user agent on January 7, 2025.

At Eye Security, we have observed similar behavior and suspect the surge of an ongoing, new brute force campaign using the "fasthttp" user agent. In response, we've updated our detection rules for all our cloud identity customers and conducted a retroactive hunt for this new brute force campaign.

The brute force campaign shows intermittent activity. Notably, the attackers are using IP addresses from mobile and residential internet service providers. The user agent in all cases is fasthttp.

Our KQL query allowed us to hunt through all our customers onboarded to Sentinel in minutes:

SigninLogs
| where ResultType == 0
| where UserAgent contains 'fasthttp'

✨ THE GOOD NEWS: Our customers were not breached because they had multi-factor authentication and proper access controls (conditional access policies) in place.

At Eye Security, we do believe in defense in depth and assume breach. We are confident that, even without the new detection rules, our systems would have alerted us about any anomalous logons associated with this new threat.

#EyeSecurity #LifeatEye #cybersecurity #sentinel #bruteforce #security
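The hunt in the post above returns only successful sign-ins (ResultType 0). The following is an added example, not part of the original post and not Eye Security's detection logic: it runs the same user-agent filter over exported sign-in records and also separates accounts where the password was accepted but MFA stopped the sign-in. The records are constructed, the field names follow the SigninLogs columns, and the verdict labels are hypothetical.

```python
import json
from collections import defaultdict

# Entra ID sign-in result codes (AADSTS numbers): password accepted, MFA step not completed.
MFA_NOT_SATISFIED = {"50074", "50076", "500121"}

# Constructed sample records using SigninLogs column names; not real data.
SAMPLE = """
{"UserPrincipalName":"a.jansen@example.com","IPAddress":"198.51.100.7","ResultType":"50126","UserAgent":"fasthttp"}
{"UserPrincipalName":"a.jansen@example.com","IPAddress":"198.51.100.8","ResultType":"50126","UserAgent":"fasthttp"}
{"UserPrincipalName":"a.jansen@example.com","IPAddress":"203.0.113.40","ResultType":"50053","UserAgent":"fasthttp"}
{"UserPrincipalName":"b.devries@example.com","IPAddress":"203.0.113.41","ResultType":"50126","UserAgent":"fasthttp"}
{"UserPrincipalName":"b.devries@example.com","IPAddress":"203.0.113.41","ResultType":"50074","UserAgent":"fasthttp"}
{"UserPrincipalName":"b.devries@example.com","IPAddress":"203.0.113.41","ResultType":"500121","UserAgent":"fasthttp"}
{"UserPrincipalName":"c.bakker@example.com","IPAddress":"192.0.2.15","ResultType":"50126","UserAgent":"fasthttp"}
{"UserPrincipalName":"c.bakker@example.com","IPAddress":"192.0.2.15","ResultType":0,"UserAgent":"fasthttp"}
{"UserPrincipalName":"d.smit@example.com","IPAddress":"192.0.2.99","ResultType":"0","UserAgent":"Mozilla/5.0"}
""".strip().splitlines()

def triage(records, needle="fasthttp"):
    """Group sign-ins whose user agent contains `needle` by account and grade them."""
    stats = defaultdict(lambda: {"failed": 0, "mfa_blocked": 0, "success": 0, "ips": set()})
    for line in records:
        rec = json.loads(line)
        # Case-insensitive substring match, like KQL `contains`.
        if needle not in (rec.get("UserAgent") or "").lower():
            continue
        code = str(rec["ResultType"])  # exports may carry the code as text or number
        s = stats[rec["UserPrincipalName"].lower()]
        s["ips"].add(rec["IPAddress"])
        if code == "0":
            s["success"] += 1
        elif code in MFA_NOT_SATISFIED:
            s["mfa_blocked"] += 1
        else:
            s["failed"] += 1
    report = {}
    for upn, s in stats.items():
        if s["success"]:
            verdict = "signed_in"       # what the post's query finds: investigate
        elif s["mfa_blocked"]:
            verdict = "password_known"  # ResultType != 0, yet the password was right
        else:
            verdict = "targeted"        # only failed guesses so far
        report[upn] = {"verdict": verdict, "failed": s["failed"],
                       "mfa_blocked": s["mfa_blocked"], "success": s["success"],
                       "source_ips": len(s["ips"])}
    return report

if __name__ == "__main__":
    for upn, row in sorted(triage(SAMPLE).items()):
        print(upn, row)
```

Accounts graded `password_known` never appear in a ResultType 0 hunt, but their passwords still need resetting.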
Eye Security
Computer and Network Security
Den Haag, Zuid-Holland 9,601 followers
Making Europe a safe place to do business by combining no-nonsense cybersecurity measures with insurance for SME.
About us
Eye Security protects small and medium-sized European enterprises from cyber threats and the high costs that follow after a successful attack. We are a specialized team of people with a background in intelligence services as well as commercial environments. We understand the threat landscape and the difficulties entrepreneurs face in battling cybercrime. Our goal is to unburden SMEs with an affordable all-in-one service that safeguards them against threats targeted to their industry. Our service combines endpoint monitoring with awareness campaigns, a 24/7 incident response strategy and cyber insurance. Your company, our cyber expertise. Together we keep your business running. Want to join our mission? Visit our career page: https://jobs.eye.security
- Website
- https://www.eye.security/about
- Industry
- Computer and Network Security
- Company size
- 51-200 employees
- Headquarters
- Den Haag, Zuid-Holland
- Type
- Privately held
- Founded
- 2020
- Specialties
- Cyber Security, Incident Response, and Cyber Insurance
Locations
-
Primary
Saturnusstraat 60
Den Haag, Zuid-Holland 2516, NL
Updates
-
✨ Last week, we all met at the Eye Security headquarters in The Hague for our first Quarterly of 2025. This was a moment to reflect on our incredible growth and prepare for what's next. The company nearly doubled in size over the past few months and this event was a first for many of us. We took stock of our successes and leaned into the exciting challenges of growth. One highlight was an intriguing talk by author and speaker Ray Klaassens about resilience, overcoming, trust, and the importance of having each other's backs. This was a reminder that growth isn't only about numbers. It is about character, teamwork, and care. 2025 is shaping up to be exhilarating. And while there is still plenty to learn, we are ready. #EyeSecurity #LifeatEye #innovation #teamwork
-
👁️🗨️ STORIES FROM THE SOC 👁️🗨️ At Eye Security, we actively seek out new threat actors and study their techniques, tactics and procedures. One significant threat to organisations is business email compromise (BEC). Threat actors use various BEC techniques to perform financial fraud, among other things. Here is an example of one such alert that comes into our Security Operations Centre. Our custom Sentinel ruleset picks up details from the signin and triggers an alert while our in-house dashboard displays the most relevant details so that our analysts can quickly assess the situation. In short: ➤ The threat actor uses Adversary-in-the-Middle (AITM) phishing to gain access to a cloud identity, bypassing MFA ➤ Sentinel receives the signins and our custom rulesets are applied ➤ The rule yields an alert Our expert SOC analysts triage the alert with priority and come to the following conclusion: 🚧 Very likely malicious, revoke sessions immediately! After the session revoke, the threat actor loses access and is cut off from the cloud identity. Because our analysts respond within minutes, the damage is limited to a stolen password and a successful login. These are easily remedied by resetting the password. #EyeSecurity #LifeatEyeSecurity #cybersecurity
-
✨ Meet Maximilian Wolfsturm, MSP Partner Manager at Eye Security! With a talent for building strong partnerships, Max is coming to Eye full of enthusiasm: “What really motivated me to join Eye was the possibility of being part of a young company with a scaleup culture that operates within a well-functioning, promising market with a clear structure and strategy. And experiencing this exciting scaleup phase, shaping things rather than just following a pre-existing structure and saying A and B.” As MSP Partner Manager, Max builds connections with security-focused managed service providers (MSPs), grows a robust partner network and co-creates innovative business plans with our partners. Welcome aboard, Max! We can't wait to see the impact! 🔥 Sounds exciting? We're growing our MSP Partner team in Germany and the Netherlands. Join Eye Security on our mission to protect European companies from cyber threats. The link to our open roles is in the first comment! #EyeSecurity #LifeatEyeSecurity #cybersecurity #partnerships
-
Eye Security reposted this
"... Steve Ballmer would be happy to see in his Admin panel that Eye Security was now Global Administrator at the Microsoft tenant, because hey, we do have a lot of good developers working at Eye Security..." Interested in what happened here? Watch the recording of my talk at the #38c3 conference here: https://lnkd.in/ejMx3CuH This is the story of what happens when you ask an old hacker to automate the delivery of a phishing simulation. - I got myself a nice lineup of people willing to click on any link and open any attachment - I was able to export all data from a random tenant - And I could become Global Admin in a tenant of my choice. But according to Microsoft, this was just a "UI issue"... I'll let you decide 😇
-
⚠️ SECURITY ALERT! Microsoft Teams used in a surge of social engineering attacks

We've observed a recent rise in attacks by the Black Basta ransomware group. Black Basta targets company platforms such as Microsoft Teams to exploit employees' trust in their organisation's communication channels.

The attack typically starts with a so-called 'newsletter bomb' that bombards employees' inboxes with spam. After a few moments, the targeted employee receives a Teams call from the threat actor pretending to be the IT help desk, calling themselves, for instance, a "Help Desk Manager". The threat actor asks for remote access to the computer, using technologies such as Quick Assist, to "fix the spam". Once they're in, the threat actor begins to deploy backdoors and DarkGate malware.

↗ What you need to know:
• Black Basta is using trusted platforms to gain access to critical systems and data
• A sudden massive amount of spam followed by fake IT support calls can trick employees into installing unsafe remote access programs

Our Response: We have updated our detection logic to identify parts of these attacks and are training our analysts to quickly triage the alerts. However, we urge everyone to remain vigilant.

↗ How to stay safe:
• Be cautious of unsolicited IT support calls, especially after receiving hundreds of spam emails in a short time
• Verify the identity of anyone requesting access to your computer
• Report any suspicious activity to your IT department immediately

Here are some articles that give you all the details:
↗ "Threat Actors Misusing Quick Assist in Social Engineering Attacks Leading to Ransomware": https://lnkd.in/dPJwYJ6F
↗ "Hackers Exploit Microsoft Teams in New Ransomware Scam": https://lnkd.in/eCFnp_Wx
↗ "Black Basta Ransomware Poses as IT Support on Microsoft Teams to Breach Networks": https://lnkd.in/d-tH_U8w
↗ "Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware": https://lnkd.in/ek8nn3MA
↗ "Microsoft Teams Phishing: How to Stop the Rising Phishing Threat": https://lnkd.in/eSDJmsKK

If you are affected or need forensic capability after an attack, reach out to our 24/7 Incident Response hotline. The link is in the first comment! For non-urgent requests, refer to our support line displayed in the image below.

#CyberSecurity #Ransomware #BlackBasta #EyeSecurity #StaySafe
-
📍TALK ALERT📍From Simulation to Tenant Takeover Chief Hacker Vaisha Bernard will speak at the 38th Communication Congress (CCC) taking place on December 27-30, 2024, at CCH – Congress Center Hamburg. ↗️ When: December 30, 2024, 11:00–11:40am ↗️ Where: Saal 1, CCH, Hamburg, Germany ↗️ Language: English This talk is about what happens when you hand a hacker a challenge—and they go into the rabbit hole. You'll see how a simple request to automate a phishing simulation spiraled into uncovering: ↗️ Vulnerabilities in Microsoft's attack simulation platform ↗️ A Chinese support company asking for all your access tokens ↗️ A way to hijack remote PowerShell sessions and access random Microsoft 365 tenants Why CCC? The Chaos Communication Congress is the annual hacker conference of the Chaos Computer Club e.V.—one of the world's largest events of its kind that has been around since 1984 to cover topics around security, cryptography, privacy, and freedom of speech. See you there! #cybersecurity #LifeatEyeSecurity #chaoscommunicationcongress #38C3 #chaoscomputerclub #itsecurity #techcommunity
-
🎊 Wrapping up 2024 with our annual EOY party! We're celebrating what truly matters: the people of Eye Security! 🥂 Last week, the Eye Security team came together at the stunning NY Hotel at the port of Rotterdam to celebrate a one-of-a-kind year. Surrounded by one of the world's busiest ports, we reflected on how far we've come—not just as a company but as a team where everyone matters. 🌱 2024 has been a year of incredible growth, milestones, and challenges. Together, we've protected more businesses than ever before and strengthened the values that make Eye Security unique. Numerous remarkable people—fantastic colleagues and wonderful human beings—have joined our teams. None of this would have been possible without the hard work and creativity of every single individual—and their dedication shows. Just over the past three months, we were recognised in various prestigious rankings: ↗️ Eye was among the top 3 companies nominated for the Deloitte Technology Fast 50 Award Netherlands ↗️ We made it to several Sifted Leaderboards for fastest-growing startups by revenue growth: Sifted 75: Nordics & Benelux, Sifted 250: Europe, and Sifted 250: B2B SaaS ↗️ We were awarded a Top Company 2024 seal on kununu, the leading platform for employer insights in the DACH region Can't wait to see what 2025 will bring! We have ambitious plans and a lot of growth ahead of us. So keep an eye on our open roles and get in touch—we're always here for a chat. There is so much more to come! #EOY2024 #EyeSecurity #LifeatEyeSecurity #Innovation #Growth #Gratitude
-
Eye Security reposted this
In 2024, Eye Security experienced remarkable growth, doubling in size, revenue, and energy. And we are ready for 2025! This message goes out to all the incredible entrepreneurs under our protection, our exceptional partners, and the outstanding team at Eye Security. Wishing each of you a joyful Christmas and a prosperous year ahead in 2025!
-
Cybersecurity in 2025: Build future-proof digital resilience!

We asked 15 leading IT and cybersecurity experts for their insights and strategies for 2025. The result? Practical guidelines that help organisations stay ahead of threats and become more resilient. Link to the article: https://lnkd.in/e7zKCu6q

➡️ "Approach IT security from a broader perspective and integrate it into the board agenda." – Gerben Rochat, IT-Director, VB Groep
➡️ "Step out of your comfort zone, embrace AI and quantum computing, and show personal leadership." – Patric J.M. Versteeg, MSc., CISO, Viterra
➡️ "Focus on teamwork, keep learning and build a resilient organisation." – Dimitri van Zantvliet, CISO, NS
➡️ "Protect commonly used tools such as email and prioritise vulnerable systems." – Nadine Hoogerwerf, CISO, Zivver
➡️ "Use technologies that can prevent both current and unknown threats." – Ruben Visser, Head of IT, Ciphix
➡️ "Invest in next-gen Security Operations Centers and good patch management." – Jack Van Gestel, Head of ICT, Woningborg
➡️ "Make sure IT professionals are continuously trained in zero-trust frameworks." – Wybe Aarts, ICT Manager, Amphia Ziekenhuis Breda
➡️ "Learn from hacks at other organisations and share knowledge to stand stronger together." – Bob Mulders, Head of IT Infrastructure, Vos Logistics
➡️ "Go beyond checklists and invest in real collaboration with partners." – Vincent Meijer, CISO, ANWB
➡️ "Start now with risk analyses and incident response for proactive compliance." – Harry VM van der Plas, Virtual CISO
➡️ "Know which IT assets you have and keep them up to date and secured." – Lucas Vousten, Partner, Joanknecht
➡️ "Take a holistic approach to risk analyses: preventive, detective, corrective." – Connie S. CISO, De Binnenbaan
➡️ "Train your team to recognise threats such as phishing and keep updating systems." – Remco Ultee, ICT Consultant, WEA Zeeland
➡️ "Protect your organisation with MFA, backups and targeted training." – Ari Rafimanesh, CEO, A&A Capacity
➡️ "Monitor and work together on vulnerabilities in the digital supply chain." – Alan Lucas, CISO, Home Fashion Group

Who inspires you in cybersecurity? Tag them below and share this valuable advice! 👇