The Pillr SOC team identifies a customer security breach and guides remediation
As IT service providers seek to expand their business and meet mounting customer security requirements, some are exploring building cybersecurity programs of their own. Unfortunately, building and staffing a security operations center (SOC) is cost prohibitive and unduly challenging given the current 3.4M-person global cybersecurity workforce shortage.
Many are moving instead to co-managed software solutions, like Pillr. Co-managed solutions allow MSPs to meet the 24/7/365 security monitoring needs of their customer base while developing internal cybersecurity expertise and keeping costs in check.
Pillr SOC team response: Security analysts partner to verify event severity
As part of its always-on security operations practice, Pillr SOC analysts identified an at-risk organization among a partner’s managed customer environments. The customer organization, an international toy company, had been breached over Remote Desktop Protocol (RDP, TCP port 3389) by a brute-force attack against user credentials.
Immediately after confirming the malicious connection, the Pillr SOC team contacted the service provider by both email and phone to begin collaborative remediation.
Investigation: Realizing the value of always-on collaboration
Homing in on the event on the platform, the Pillr SOC team uncovered indicators that the attacker was attempting to pivot through the network: having gained access to one machine, they were trying to move to another. Pillr advised the MSP to take the machine offline, reimage it, and reset the affected user credentials.
Additional research by Pillr threat hunters showed that the bad actors had connected from IP addresses already known to be malicious and had used wordlists, cycling through usernames and passwords until a combination gained access.
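The pattern the threat hunters describe, a burst of failed logons from one source across many usernames followed by a success, can be surfaced directly from Windows Security events (4625 failed logon, 4624 successful logon, LogonType 10 for RDP). The following is an added illustration written for this page, not Pillr platform code: the event records are constructed, and the thresholds (20 failures across at least 3 usernames within 10 minutes) are assumptions to be tuned per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625    # Security event 4625: an account failed to log on
SUCCESS_LOGON = 4624   # Security event 4624: an account was successfully logged on
RDP_LOGON_TYPE = 10    # LogonType 10, RemoteInteractive: RDP over TCP 3389


def build_sample_events():
    """Constructed sample events shaped like fields pulled from the Windows
    Security log: (timestamp, event_id, logon_type, target_user, source_ip).
    Synthetic data for this example, not records from the incident above."""
    events = []
    base = datetime(2023, 3, 1, 2, 0, 0)
    wordlist = ["administrator", "admin", "jsmith", "backup", "scanner"]
    # Attacker 203.0.113.7: 25 RDP failures in about five minutes, cycling
    # through a username wordlist, then one success as "jsmith".
    for i in range(25):
        t = base + timedelta(seconds=12 * i)
        events.append((t.isoformat(), FAILED_LOGON, RDP_LOGON_TYPE,
                       wordlist[i % len(wordlist)], "203.0.113.7"))
    events.append(((base + timedelta(minutes=5, seconds=30)).isoformat(),
                   SUCCESS_LOGON, RDP_LOGON_TYPE, "jsmith", "203.0.113.7"))
    # Legitimate admin 198.51.100.20: two typos, then a successful logon.
    for i in range(2):
        t = base + timedelta(hours=6, seconds=30 * i)
        events.append((t.isoformat(), FAILED_LOGON, RDP_LOGON_TYPE, "mlee", "198.51.100.20"))
    events.append(((base + timedelta(hours=6, minutes=2)).isoformat(),
                   SUCCESS_LOGON, RDP_LOGON_TYPE, "mlee", "198.51.100.20"))
    # Noise: SMB failures (LogonType 3) are not RDP and are ignored here.
    for i in range(30):
        t = base + timedelta(seconds=5 * i)
        events.append((t.isoformat(), FAILED_LOGON, 3, "svc_backup", "203.0.113.9"))
    return events


def detect_rdp_bruteforce(events, window=timedelta(minutes=10),
                          min_failures=20, min_users=3):
    """Return {source_ip: finding} for every IP that produced at least
    min_failures RDP logon failures against at least min_users distinct
    accounts inside any window-long span. 'compromised' names the first
    account that then logged on successfully from that IP, or None."""
    per_ip = defaultdict(list)
    for ts, event_id, logon_type, user, ip in events:
        if logon_type == RDP_LOGON_TYPE:
            per_ip[ip].append((datetime.fromisoformat(ts), event_id, user))

    findings = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r[0])
        failures = [(t, u) for t, e, u in recs if e == FAILED_LOGON]
        start = 0
        for end in range(len(failures)):          # sliding window over failures
            while failures[end][0] - failures[start][0] > window:
                start += 1
            burst = failures[start:end + 1]
            users = {u for _, u in burst}
            if len(burst) >= min_failures and len(users) >= min_users:
                burst_end = failures[end][0]
                compromised = next((u for t, e, u in recs
                                    if e == SUCCESS_LOGON and t >= burst_end), None)
                findings[ip] = {"failures": len(burst),
                                "usernames": sorted(users),
                                "compromised": compromised}
                break
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(build_sample_events()).items():
        print(ip, finding)
```

A success following the burst is the signal that turns a noisy alert into an incident: the named account should be treated as compromised, which is why the guidance above is to isolate the host and reset credentials rather than only block the source IP.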
Within 48 hours, the united teams had effectively halted the breach in partnership with the customer’s embedded IT division.
Solution: MSP delivers compelling customer service with the 24/7/365 SOC service and support of Pillr
With the breach contained, the next step was to assess the impact. Using the data analysis and investigation tooling on the platform, Pillr security analysts and threat hunters identified the point of weakness in the customer’s system, determined when the bad actor first gained entry, and charted the attacker’s path after entry.
The SOC team then held a postmortem with the MSP, sharing its findings and ensuring the partner was prepared to represent the value it delivered by working in tandem with Pillr. Thanks to the close collaboration between Pillr and the MSP, no evidence has been found to date that any data was exfiltrated as a result of the breach.
Minor misconfigurations lead to big internal network breaches—proactive security by Pillr
Situation: Small misconfigurations lead to big internal network breaches
Today, many organizations deploy numerous technologies to function effectively. As new hardware and software are introduced, from appliances to business and productivity software and operating systems, the potential to misconfigure access and permission settings increases. Even simple misconfigurations can lead to expansive breaches.
Read how one hospital partnered with Pillr on a routine penetration test that exposed a simple JMX server misconfiguration allowing full domain access.
Pillr assessment: Internal infrastructure
As part of an internal infrastructure assessment, the Pillr team deployed a testing node on a regular user network segment, the position with the lowest possible access and permissions, to simulate the likely scenario of an external attacker who has gained a foothold on an ordinary workstation. No credentials or other authentication were provided.
Solution: Gained access to internal network with insecure software
The Pillr team discovered a server running a Java JMX remote management agent that had been configured without authentication. An unauthenticated JMX port gives anyone who can reach it control of the Java process, including the ability to run code on the host. With that foothold on the machine, the team applied post-exploitation techniques to obtain full domain administrator privileges.
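Remote JMX is enabled with JVM system properties, and the insecure state is a one-flag change from the secure one. The following is an added illustration written for this page, not code or configuration from the hospital assessment: it audits JVM command lines (constructed here to resemble `ps -eo args` output, with an assumed port 9010 and assumed file paths) for a remote JMX listener that has authentication or TLS explicitly switched off, and lists the hardened flag set beside it.

```python
import shlex

JMX_PREFIX = "com.sun.management.jmxremote"

# Hardened flag set for a JVM that must expose remote JMX. Port 9010 and the
# file paths are assumptions; the password and access files must exist and be
# readable only by the service account. Added example, not a configuration
# from the assessment.
HARDENED_JMX_FLAGS = [
    f"-D{JMX_PREFIX}.port=9010",
    f"-D{JMX_PREFIX}.rmi.port=9010",
    f"-D{JMX_PREFIX}.authenticate=true",
    f"-D{JMX_PREFIX}.password.file=/etc/jmx/jmxremote.password",
    f"-D{JMX_PREFIX}.access.file=/etc/jmx/jmxremote.access",
    f"-D{JMX_PREFIX}.ssl=true",
    f"-D{JMX_PREFIX}.registry.ssl=true",
]

# Constructed command lines for three hypothetical services.
SAMPLE_PROCESSES = {
    "legacy-app": ("java -Dcom.sun.management.jmxremote.port=9010 "
                   "-Dcom.sun.management.jmxremote.authenticate=false "
                   "-Dcom.sun.management.jmxremote.ssl=false -jar /opt/app/legacy.jar"),
    "hardened-app": "java " + " ".join(HARDENED_JMX_FLAGS) + " -jar /opt/app/app.jar",
    "local-only-tool": "java -Dcom.sun.management.jmxremote -jar /opt/app/tool.jar",
}


def jmx_properties(cmdline):
    """Map of com.sun.management.jmxremote.* system properties set on a JVM
    command line. A bare -Dkey (no '=') is recorded with an empty value."""
    props = {}
    for token in shlex.split(cmdline):
        if token.startswith("-D" + JMX_PREFIX):
            key, _, value = token[2:].partition("=")
            props[key] = value
    return props


def audit_jmx(cmdline):
    """Return a list of findings for one JVM command line (empty = nothing found).
    Only a JVM with jmxremote.port set listens for remote connections. The JDK
    defaults both 'authenticate' and 'ssl' to true, so only an explicit
    'false' is flagged."""
    props = jmx_properties(cmdline)
    port = props.get(f"{JMX_PREFIX}.port")
    if port is None:
        return []
    findings = []
    if props.get(f"{JMX_PREFIX}.authenticate", "true").lower() == "false":
        findings.append(f"remote JMX on port {port} accepts connections without authentication")
    if props.get(f"{JMX_PREFIX}.ssl", "true").lower() == "false":
        findings.append(f"remote JMX on port {port} is not TLS-protected")
    return findings


def audit_all(processes=SAMPLE_PROCESSES):
    """Audit every command line; returns {service_name: [findings]}."""
    return {name: audit_jmx(cmd) for name, cmd in processes.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "->", findings or "ok")
```

On a live host, feed the function the real process list rather than the constructed sample. Authentication and TLS close the hole the case study describes, but the port should also be restricted at the host or network firewall to the monitoring systems that need it.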
Outcome: Short-term remediation, long-term security strategy
This case study demonstrates how inconspicuous configuration missteps can compromise an otherwise secure network. Ultimately, the Pillr team delivered an actionable, short-term remediation plan and a long-term strategy to help the hospital strengthen network security as its data management and protection needs matured.
Routine pentests with Pillr can help your team gauge security posture strength and identify opportunities to improve.
Routine compliance testing by Pillr uncovers leaked employee credentials
Situation: An employee’s credentials are leaked
Passwords are intended to protect networks, but used incorrectly they become a ready key for bad actors. It’s not uncommon for employees to reuse the same password on third-party sites and workplace access points, which exposes the organization to credential stuffing: an attacker replays username and password pairs leaked from a third-party breach against the organization’s appliances, email, or VPN, often gaining access to the entire network.
Read how one insurance firm partnered with Pillr on penetration testing that revealed a previously unknown security risk: numerous leaked employee credentials.
Pillr assessment: External infrastructure
As part of a routine Pillr security assessment, the team performed an external penetration test. Beginning with Open Source Intelligence (OSINT) reconnaissance, the full-spectrum test gave the team a clear picture of the environment as they cataloged every externally reachable point of entry for the firm.
Solution: Gained access to internal network with leaked credentials
During the assessment, the Pillr team identified a set of employee email credentials that had been leaked on the Darknet as the result of a third-party breach. Using one of these credentials, the team logged into the employee’s desktop through an externally exposed Citrix appliance. With a foothold on the internal organization network, they proceeded to hunt for additional vulnerabilities, ultimately gaining domain administrator privileges.
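The check that would have caught this before a tester (or an attacker) did is to match breach-dump entries against the organization’s own accounts and test whether each leaked password is still the current one, all offline and without sending anything to a third party. The following is an added illustration written for this page, serving both the credential stuffing description above and this finding; it is not Pillr tooling. The domain, the breach-dump lines, the credential store and its PBKDF2 hashing are all constructed for the example.

```python
import hashlib
import hmac

CORPORATE_DOMAIN = "example-insurance.test"   # assumed domain for the example
PBKDF2_ROUNDS = 50_000                          # kept low so the example runs quickly


def hash_password(password, salt):
    """PBKDF2-HMAC-SHA256; stands in for whatever the directory actually uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def build_sample_store():
    """Constructed corporate credential store: {username: (salt, hash)}.
    Plaintexts appear here only to build the demo; a real store holds hashes only."""
    demo = {"ann.reed": "Winter2021!",               # same password as on the breached site
            "bob.tan": "Str0ng-unique-passphrase",   # changed since the breach
            "carol.diaz": "another-long-passphrase"}
    store = {}
    for user, pw in demo.items():
        salt = hashlib.sha256(user.encode()).digest()[:16]  # fixed per-user salt for reproducibility
        store[user] = (salt, hash_password(pw, salt))
    return store


# Constructed breach-dump lines in the common "email:password" layout.
SAMPLE_LEAK = [
    "ann.reed@example-insurance.test:Winter2021!",
    "Bob.Tan@Example-Insurance.test:hunter2",
    "someone@other.example:letmein",
    "nobody@example-insurance.test:password1",
    "a line with no separator",
]


def find_exposed_accounts(leak_lines, domain, store):
    """Match breach-dump entries to corporate accounts and test whether the
    leaked password is still the account's current password.
    Returns {username: "reused" | "leaked"}. 'reused' means the leaked password
    verifies against the current hash: force a reset, revoke sessions, and
    review recent VPN, Citrix and mail logons for that user. 'leaked' means the
    account appeared in the dump with a password that no longer works."""
    results = {}
    for line in leak_lines:
        # Split on the first ':' only, so passwords containing ':' survive.
        email, sep, leaked_pw = line.strip().partition(":")
        if not sep or "@" not in email:
            continue
        user, _, mail_domain = email.lower().rpartition("@")
        if mail_domain != domain.lower() or user not in store:
            continue
        salt, current_hash = store[user]
        if hmac.compare_digest(hash_password(leaked_pw, salt), current_hash):
            results[user] = "reused"
        else:
            results[user] = "leaked"
    return results


if __name__ == "__main__":
    exposed = find_exposed_accounts(SAMPLE_LEAK, CORPORATE_DOMAIN, build_sample_store())
    for user, status in exposed.items():
        print(f"{user}: {status}")
```

Even a "leaked" result with a changed password is worth acting on: the account is now on attackers’ lists, so it is a good candidate for enforced multi-factor authentication on the Citrix, VPN and mail front ends.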
Outcome: Short-term remediation, long-term security strategy
Previous pentesting companies had deemed this insurance firm secure, whereas Pillr was able to penetrate its internal network and gain access to sensitive information. The final Pillr security assessment documented the firm’s weak entry points, outlined a plan of action to address immediate network vulnerabilities, and provided a long-term strategy to improve the firm’s overall security posture.
Understanding social engineering and building a preventative security program with Pillr
Situation: Popular casino hotel sets new standard for security with Pillr
Email phishing is a form of social engineering that presents unique challenges in today’s fast-paced, highly connected workplace. Disguised as coming from a trusted source, phishing emails prompt users to click a link or download a file, offering a ready inroad into an organization’s networks.
Read how one casino hotel partnered with Pillr in an email phishing assessment to identify network weak points and set a new baseline for security posture.
Pillr assessment: Email phishing
Phishing emails purporting to come from the “Help Desk” were sent to a pool of 100 employees, requesting that they enter their workplace email credentials in order to answer a series of security questions. Of that pool, 7 employees opened the Pillr phishing test within the testing timeframe.
Solution: 71% of employees who opened the test email clicked the link, and 3 surrendered their credentials
Of the 7 opened test emails, 5 resulted in clicked links and 3 employees entered their workplace email credentials. The Pillr team was then able to use the harvested credentials to log into the organization’s externally accessible email, gaining access to sensitive information, including employee records, legal documents, and payroll information.
Outcome: Improved awareness of network and user weak points
The Pillr email phishing assessment revealed vulnerable network access points for the casino hotel and helped its IT team realize the need to teach staff to identify phishing scams. Pillr provided step-by-step guidance to fortify the organization’s network, supported by a long-term strategy to improve employee awareness of modern cybersecurity threats.
Interested in exploring Pillr? We’d love to connect with you.