Eye Security

☄️ Did you know that 26% of cyber attacks target manufacturers? Last year, 1 in 4 manufacturers had to shut down in the aftermath of a cyber attack. And more than 70% of industrial manufacturers experienced a cyber incident. Further, the impact of a successful attack can reach $4.73m. If the trend continues, the projected global impact will be $10.5tn by 2025. Visit our Manufacturing Resource Hub for resources, case studies, and tips on how to stay protected. The link is in the first comment! #eyesecurity #cybersecurity #manufacturing #industry40

✨ INTRODUCING: The people of Eye Security ✨ From founding a SaaS security company to leading the Product, Design & Engineering team at Eye Security, Bert S. shares his dedication to overcoming complex technical challenges and building multi-talented teams. Swipe to learn more about Bert's work and the qualities that drive innovation at Eye Security. Ready for a change? We're hiring! Join the Product, Design & Engineering team on the exciting journey of building an open XDR platform that sets the industry standard. #EyeSecurity #LifeatEyeSecurity #cybersecurity #innovation #hiring

👁️🗨️ 𝐒𝐓𝐎𝐑𝐈𝐄𝐒 𝐅𝐑𝐎𝐌 𝐓𝐇𝐄 𝐒𝐎𝐂: 𝐦𝐢𝐬𝐜𝐨𝐧𝐟𝐢𝐠𝐮𝐫𝐞𝐝 𝐓𝐞𝐚𝐦𝐕𝐢𝐞𝐰𝐞𝐫 𝐥𝐞𝐚𝐝𝐬 𝐭𝐨 𝐥𝐨𝐜𝐚𝐥 𝐫𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫𝐞 👁️🗨️ Recently, we got a call from a new customer who was still in the process of implementing our Managed Detection and Response (MDR) service and therefore had only onboarded one-third of their systems. A misconfigured TeamViewer instance was running on one of their clients. And a threat actor used this vulnerability to execute ransomware on the system. Becoming aware of the threat, the user started a full scan using Microsoft Defender, detecting and intercepting the ransomware execution. Overall, the ransomware was executed for about 10 minutes and could encrypt large portions of the endpoint. Luckily, only a few files on an attached network share were encrypted. Our SOC analysts quickly confirmed that there were no signs of network propagation. After a quick triage of the compromised system, our incident response team came to the same conclusion. ⚠️ 𝐑𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫𝐞 𝐬𝐚𝐦𝐩𝐥𝐞 𝐬𝐡𝐚256 𝐡𝐚𝐬𝐡: 52eae786f538e42e6e8e671cd7d6639368ee0cd8437b76bc64810b73bd4b5dbc 𝐓𝐡𝐞 𝐭𝐚𝐤𝐞𝐚𝐰𝐚𝐲𝐬: ➤ Best-of-breed EDR solutions are challenging to defeat and will usually catch threat actors before they can reach their goals. ➤ To achieve a good security posture, most of your endpoints should be secured by an EDR solution. ➤ EDR alone is not enough. You need a dedicated team to examine all the alerts and detections in real time. Want to know how Eye Security can help? Reach out to get all the details. #EyeSecurity #LifeatEyeSecurity #ransomware #cybersecurity

Security and insurance go hand in hand—that’s why we’re proud to welcome Van Dessel Insurance Brokers as one of our newest insurance partners! With 40,000+ clients and 200 employees, Van Dessel is one of Belgium’s leading insurance brokers, known for their expertise, personal approach, and innovative solutions that help businesses protect their future.    "At Van Dessel, we believe that a secure digital environment is essential for the future of every business. Together with Eye Security, we are strengthening our commitment to protecting companies against cyber threats." – Robin Verlinden, Business Developer Financial Lines at Van Dessel Together, we’re making cybersecurity stronger, smarter, and more accessible. Welcome, Van Dessel! Robin Verlinden Tom Janssens Philippe De Brabanter Evi Van Pée Magali Delens Anne Masson #insurance #security #cyberinsurance #cybersecurity #partnership

⚠️ Want to know how threat actors use OneDrive compromise as an attack path to local Windows hosts? Trusted Microsoft cloud applications like OneDrive are notoriously used in cyber threat campaigns. Eye Security's threat research team recently investigated an attack method that uses OneDrive sync to move from a compromised Microsoft 365 account to a full-blown Windows host infection. The scary part: the attack can go undetected for weeks without raising any red flags. ☄️ This is how the attack works: ➤ Compromised Microsoft credentials grant access to OneDrive and enable sync misuse ➤ The attacker replaces shortcut (.lnk) files in the synced desktop folder ➤ The next time the user clicks on their browser shortcut, malicious code executes 🚧 This is how you protect your organisation: ➤ Block OneDrive shortcut files from syncing ➤ Train employees to spot phishing attempts and unusual behaviour ➤ Deploy robust EDR and SIEM solutions ➤ Consider 24/7 MDR services to detect and intercept threats in real time Read our full article to get all the details—the link is in the first comment! #eyesecurity #lifeateyesecurity #cybersecurity #Microsoft365 #threatintel #phishing #MDR #EDR

👩💻 How should you prepare for your technical interview? We’ve put together a handy guide to help you excel in the technical assessment. And we’ve asked Bert S., VP of Product & Engineering, about the qualities that make a candidate stand out. Discover the full article here: https://lnkd.in/eZRk7DzA 👾 Want to join our growing Engineering & Product team? Here are some exciting roles to check out: + Engineering Manager in Berlin (hybrid) + Senior Product Manager in the UK (remote), the Hague or Berlin (hybrid) + Software Engineer II in Berlin (hybrid) + Software Engineer IV in Berlin (hybrid) Visit our careers page for more info—as usual, the link is in the first comment! #eyesecurity #lifeateyesecurity #hiring

👁️🗨️ STORIES FROM THE SOC: 𝐅𝐚𝐤𝐞 𝐂𝐀𝐏𝐓𝐂𝐇𝐀 𝐰𝐢𝐭𝐡 𝐋𝐮𝐦𝐦𝐚 𝐒𝐭𝐞𝐚𝐥𝐞𝐫 👁️🗨️ We've recently observed an uptick in 'Fake CAPTCHA' malware incidents within our SOC. In one instance, the fake CAPTCHA originated from a typo-squatted supplier domain and tried dropping info stealer malware. Fortunately, the customer had our EDR installed, which intercepted the threat before alerting the SOC. Interestingly though, there were two EDRs on the endpoint, and only CrowdStrike was able to detect the Fake CAPTCHA, where the other EDR didn't. 🔍 𝐇𝐨𝐰 𝐭𝐡𝐢𝐬 𝐅𝐚𝐤𝐞 𝐂𝐀𝐏𝐓𝐂𝐇𝐀 𝐖𝐨𝐫𝐤𝐬: - Users are redirected to what appears to be a legitimate CAPTCHA page. In our case, the customer accessed a typo-squatted domain. - The CAPTCHA prompts users to press 𝑾𝒊𝒏𝒅𝒐𝒘𝒔 + 𝑹, paste a command from their clipboard, and press 𝑬𝒏𝒕𝒆𝒓. - This executes a PowerShell script that installs the 𝘓𝘶𝘮𝘮𝘢 𝘚𝘵𝘦𝘢𝘭𝘦𝘳 malware, capable of stealing passwords, cookies, and cryptocurrency wallet details. - The URL in this case had a user ID that could only be used once: 𝒉𝒙𝒙𝒑𝒔[://]𝒔𝒐𝒍𝒗𝒆[.]𝒖𝒂𝒚𝒚[.]𝒐𝒓𝒈/𝒂𝒘𝒋𝒔𝒙[.]𝒄𝒂𝒑𝒕𝒄𝒉𝒂?𝒖=𝑼𝑰𝑫. Currently, this domain is no longer active. 💡 𝐊𝐞𝐲 𝐓𝐚𝐤𝐞𝐚𝐰𝐚𝐲𝐬: - Train your end-users to be cautious of unusual CAPTCHA requests and to verify the legitimacy of websites before interacting with CAPTCHA tests. - Ensure you have a properly configured and tested EDR solution running on endpoints and make sure the SOC knows how to determine if the info stealer did execute, or not. - You can monitor typo-squatted domains and issue a take-down notice combined with a Google Safe Browsing submission. __________ 𝐈𝐎𝐂𝐬: 𝘩𝘹𝘹𝘱𝘴[://]𝘴𝘰𝘭𝘷𝘦[.]𝘶𝘢𝘺𝘺[.]𝘰𝘳𝘨/ (Inactive domain) 𝘮𝘴𝘩𝘵𝘢.𝘦𝘹𝘦 𝘩𝘵𝘵𝘱𝘴://𝘋𝘖𝘔𝘈𝘐𝘕/ # ✅ ''𝘐 𝘢𝘮 𝘯𝘰𝘵 𝘢 𝘳𝘰𝘣𝘰𝘵 - 𝘳𝘦𝘊𝘈𝘗𝘛𝘊𝘏𝘈 𝘝𝘦𝘳𝘪𝘧𝘪𝘤𝘢𝘵𝘪𝘰𝘯 𝘐𝘋: 𝘐𝘕𝘛 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐢𝐧 𝐂𝐫𝐨𝐰𝐝𝐒𝐭𝐫𝐢𝐤𝐞 𝐅𝐚𝐥𝐜𝐨𝐧: 𝘍𝘪𝘭𝘦𝘕𝘢𝘮𝘦=𝘮𝘴𝘩𝘵𝘢.𝘦𝘹𝘦 𝘊𝘰𝘮𝘮𝘢𝘯𝘥𝘓𝘪𝘯𝘦=/𝘩𝘵𝘵𝘱(𝘴)?:\/\//𝘪 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐢𝐧 𝐊𝐐𝐋 (𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐟𝐨𝐫 𝐄𝐧𝐝𝐩𝐨𝐢𝐧𝐭 𝐏2): 𝘋𝘦𝘷𝘪𝘤𝘦𝘗𝘳𝘰𝘤𝘦𝘴𝘴𝘌𝘷𝘦𝘯𝘵𝘴 | 𝘸𝘩𝘦𝘳𝘦 𝘍𝘪𝘭𝘦𝘕𝘢𝘮𝘦 == "𝘮𝘴𝘩𝘵𝘢.𝘦𝘹𝘦" | 𝘸𝘩𝘦𝘳𝘦 𝘊𝘰𝘮𝘮𝘢𝘯𝘥𝘓𝘪𝘯𝘦 𝘮𝘢𝘵𝘤𝘩𝘦𝘴 𝘳𝘦𝘨𝘦𝘹 @"𝘩𝘵𝘵𝘱(𝘴)?:\/\/" __________ Stay vigilant and keep your defences strong! 🛡️

New Partnership Alert! 🚨 Previder and Eye Security are joining forces to provide 24/7 protection against cyber threats. Why did Previder choose Eye Security? "Eye Security delivers top-tier cybersecurity from the Netherlands. This partnership makes 24/7 security monitoring with instant response accessible to all our customers—enhanced by Previder’s trusted service." – Wim Los, COO, Previder Read more in Previder’s press release: https://lnkd.in/ed6JCrEr #CyberSecurity #StrongerTogether #Previder #EyeSecurity Wim Los Job Kuijpers Hilko Starke Mark van Heijningen Floor Zacht Jesse Melse Arno Witvliet Vincent van de Ven Odin Groep

We are excited to welcome yet another MSP to the Eye Security partner network! Falcon Automation, a trusted IT provider with over 30 years of experience serving SMEs, has chosen to strengthen its portfolio with our elite Managed Detection and Response service. Falcon has built a strong reputation for delivering top-tier IT infrastructure and support. Now, by integrating our 24/7 SOC into their portfolio, they are taking cyber protection for their clients to the next level—ensuring businesses across Belgium stay resilient against threats. Welcome aboard, Falcon Automation! Bart Dessent Inge Vranken Maikel Broekx Gregory Hertsens Jesse Melse Anne Masson

Wir freuen uns sehr, unsere bevorstehenden 𝐕𝐨𝐫𝐭𝐫ä𝐠𝐞 𝐮𝐧𝐝 𝐕𝐞𝐫𝐚𝐧𝐬𝐭𝐚𝐥𝐭𝐮𝐧𝐠𝐞𝐧 𝐢𝐧 𝐐1 𝐢𝐧 𝐃𝐞𝐮𝐭𝐬𝐜𝐡𝐥𝐚𝐧𝐝 ankündigen zu können. Wenn Sie an einer dieser Veranstaltungen teilnehmen, würden wir uns freuen, Sie zu treffen und darüber zu sprechen, wie wir die 𝐙𝐮𝐤𝐮𝐧𝐟𝐭 𝐝𝐞𝐫 𝐂𝐲𝐛𝐞𝐫𝐬𝐢𝐜𝐡𝐞𝐫𝐡𝐞𝐢𝐭 𝐟ü𝐫 𝐈𝐡𝐫 𝐔𝐧𝐭𝐞𝐫𝐧𝐞𝐡𝐦𝐞𝐧 mit gestalten können.    1️⃣ Technologietag Hein, 13. März, Hannover Langenhagen 👉 Fachvortrag von Marcel van Asperdt zur Cyberkrise: Wie sieht effektiver Schutz in der Industrie aus?   👉 Weitere Informationen finden Sie hier https://lnkd.in/eXwRCewA   2️⃣ secIT by heise 2025, 19. & 20. März, Hannover Congress Centrum 👉 Stand E5 (Eilenriedehalle) 👉 Deep Dive Session zu NIS2 👉 Cyber-Workshop für Führungskräfte 👉 Weitere Informationen finden Sie auf unserer Website unter https://lnkd.in/e5tfGYKM 3️⃣ HANNOVER MESSE 2025, 31. März - 4. April, Hannover Messegelände 👉 mit eigenem Stand, Vorträgen und Workshops    Wir hoffen, Sie dort zu sehen! #incidentresponse #itsicherheit #cybersicherheit #lifeateyesecurity