In November, SecureWorks analysts used software to analyze two web servers that had been attacked using the OwaAuth and China Chopper exploits.
In the first case, an Outlook Web App (OWA) e-mail server was hacked and the OwaAuth web shell was installed on it. Analysis of the web.config file showed that logging on the server had been turned off, so the researchers did not find anything.
The analysts launched the AETD Red Cloak system and found that the attacks on the server were continuing and that the hackers were trying to turn off system logging on the server to prevent detection of their actions.
In the second case, investigators found a JPG file that contained malicious code. Although the researchers have not proven that this particular file was used to compromise the server, they believe that the attack on the server used this same JPG file.
Thanks to automated and manual methods of detection and response, the analysts were able to identify the malicious activity. SecureWorks experts therefore recommend using the AETD Red Cloak software to combat this type of threat.