In today’s threat landscape, while we can’t always stop vishing at its source, Darktrace focuses on preventing attackers from achieving their end goal. Here’s how: 1. A vishing attacker spoofed an internal IT line and tricked a remote user into approving an MFA request. 2. The attacker used static IP addresses to proxy through the VPN, making their actions appear legitimate. 3. Darktrace detected reconnaissance activities like LDAP and port scanning, alongside failed NTLM authentication attempts. 🛡️ How Darktrace Stopped the Attack on the remote user: Autonomous Response blocked all outgoing traffic and SMB connections. Enforced a pattern of life and contained activity, halting lateral movement. Learn more about how Darktrace protects against these threats:
Did you know that a simple phone call could lead to a major network compromise? 📞 When a remote user fell victim to a vishing attack, it allowed a malicious actor to gain access to a customer network. But thanks to our swift detection and response, we prevented any data loss and secured the network. Discover the full story and learn how we tackled the threat in our Inside the SOC blog 👇 🔗 https://lnkd.in/gbMRkvsM
