November 8, 2024

Security Detection Update – 2024-11-08

Welcome to our security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.

Introduction and Overview

Welcome back for another round of "Catch That Threat Actor". I'm your host Amanda Berlin and we have a great detection for you today with some chilly vibes!

New Detections

This update introduces:

Midnight Blizzard Suspicious RDP File Created

A detection to find those sneaky Midnight Blizzard IoCs! If you hadn't heard there have been active campaigns from the Russian threat actor group "Midnight Blizzard" who have been sending targeted phishing campaigns with .rdp files that would expose sensitive information by mapping local resources to a remote server.

Status: Enabled
Log type requirement: Windows or Blumira Agent for Windows
For more information, see Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

MS365 Sharepoint: 500 or more file deletions in 15 minutes

This is one of those that speaks for itself with our next-gen-intuitive-detection-titles

Status: Disabled
Log type requirement: MS365 Sharepoint

Tag(s): Product Updates , Blog , Product Release Notes , Detection Update

Amanda Berlin

Amanda Berlin is the Senior Product Manager of Cybersecurity at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An...