Wednesday, June 3, 2020

Stories from the SOC- SSH Brute Force Authentication Attempt

Ervin McBride IV – TDP Engineer II contributed to this article.
Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.
Executive Summary
The Managed Threat Detection and Response (MTDR) analyst team received and reviewed an alarm for Brute Force Authentication – SSH Login Failure. Upon further review, the analyst team discovered sixty-two failed login events for a variety of users, where the pattern of usernames tried suggested a genuine brute force attempt rather than a mistyped password. The analyst team responded and engaged the customer, who was able to take appropriate action to prevent additional logon attempts.
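The alarm described above fires on a burst of SSH password failures from one source against many usernames. As an added example (not code from the AT&T SOC team or from the MTDR platform), the following Python parses OpenSSH auth.log lines and applies that logic: group failures by source IP, count them inside a sliding time window, and report the distinct usernames tried. The log lines are constructed for illustration, and the threshold of five failures in five minutes is an assumed tuning value, not the alarm's real setting.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines in OpenSSH format (not from the incident).
# 203.0.113.5 sprays common account names; 198.51.100.7 is a user who typos once.
SAMPLE_LOG = """\
Jun  3 14:01:02 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Jun  3 14:01:04 host1 sshd[2203]: Failed password for invalid user oracle from 203.0.113.5 port 51030 ssh2
Jun  3 14:01:05 host1 sshd[2205]: Failed password for root from 203.0.113.5 port 51031 ssh2
Jun  3 14:01:07 host1 sshd[2207]: Failed password for invalid user test from 203.0.113.5 port 51040 ssh2
Jun  3 14:01:09 host1 sshd[2209]: Failed password for invalid user ubuntu from 203.0.113.5 port 51044 ssh2
Jun  3 14:01:11 host1 sshd[2211]: Failed password for invalid user postgres from 203.0.113.5 port 51050 ssh2
Jun  3 14:03:40 host1 sshd[2301]: Failed password for alice from 198.51.100.7 port 40010 ssh2
Jun  3 14:03:52 host1 sshd[2303]: Accepted publickey for alice from 198.51.100.7 port 40011 ssh2
Jun  3 14:05:00 host1 sshd[2400]: Failed password for invalid user admin from 203.0.113.5 port 51060 ssh2
"""

# "invalid user" is present only when the account does not exist on the host,
# so it is optional; existing accounts such as root log without it.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text):
    """Return [(timestamp, username, source_ip), ...] for each failed-password line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins, other daemons, unrelated sshd messages
        # syslog timestamps carry no year; collapse the padded day ("Jun  3") first
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def detect_brute_force(events, threshold=5, window_seconds=300):
    """Flag each source IP with >= threshold failures inside any sliding window.

    Returns {ip: {"failures": n, "distinct_users": [...], "first_seen": ..., "last_seen": ...}}
    for the densest window per flagged IP. Threshold and window are assumed tuning values.
    """
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        best = None
        j = 0
        for i in range(len(evs)):
            # advance j so evs[i:j] holds every failure within the window starting at evs[i]
            while j < len(evs) and (evs[j][0] - evs[i][0]).total_seconds() <= window_seconds:
                j += 1
            count = j - i
            if count >= threshold and (best is None or count > best["failures"]):
                best = {
                    "failures": count,
                    "distinct_users": sorted({u for _, u in evs[i:j]}),
                    "first_seen": evs[i][0].strftime("%H:%M:%S"),
                    "last_seen": evs[j - 1][0].strftime("%H:%M:%S"),
                }
        if best:
            alerts[ip] = best
    return alerts


if __name__ == "__main__":
    for ip, info in detect_brute_force(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: {info['failures']} failures {info['first_seen']}-{info['last_seen']}, "
              f"users tried: {', '.join(info['distinct_users'])}")
```

The distinct-user list is what an analyst looks at to separate a real brute force from a locked-out employee: one account failing repeatedly is a support ticket, while a single source cycling through admin, oracle, root, test and postgres is the dictionary-style naming pattern the Executive Summary refers to.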
Investigation
Initial Alarm Review
Indicators of Compromise (IOC)
The initial alarm for this IOC is associated with the second stage of the Cyber Kill Chain®. As we reviewed each event associated with…

Posted by: Andrew Lukosevic


The post Stories from the SOC- SSH Brute Force Authentication Attempt appeared first on Cybersecurity Insiders.


June 03, 2020 at 09:09PM
