How to detect and mitigate GOLD TAHOE attacks

HOW GOLD TAHOE (TA505, FIN11) CONDUCTS ITS ATTACKS

Exploiting file transfer services gives threat groups like Clop operator GOLD TAHOE, the group behind the MOVEit Transfer attacks, access to the files being shared through them. Some of those files originate with third parties, as in the Zellis payroll compromise, which formed part of the MOVEit Transfer attacks.

While there is little an organization can do to prevent a breach of a trusted third party, especially one achieved through a zero-day vulnerability in the vendor's platform, the following steps help detect and mitigate the threat posed by GOLD TAHOE:

Enforce a retention policy on shared files so that data remains on the service only for as long as it is needed; a file that has already been removed cannot be stolen from the platform.

Protect highly sensitive data (such as PII) with file-level encryption whose key is not stored on the file sharing service, so that compromise of the service alone does not expose the plaintext.

Enable alerting on file access and monitor for anomalies, such as an account downloading far more files, or a far larger volume, than is normal for it in a short period.

Implement auditing of uploads, downloads and deletions so that, if a breach occurs, it can be quickly determined which files were present on the service during the relevant time period(s).

Encrypt data in transit and at rest.

For on-premises solutions, implement network flow monitoring to detect and alert on large data transfers.
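As an added example that is not Secureworks' code and does not use any real product's log format, the following Python script shows the auditing and access-monitoring steps above running over a constructed access log. It replays uploads and deletions to list which files were present on the service during a given window (the question an incident responder has to answer after a breach), and it applies a per-account sliding window to downloads to flag a burst of bulk retrieval. The log layout, the account names (including svc_web), the file paths and the thresholds are all assumptions chosen for the illustration.

```python
"""Detection and audit helpers over a constructed file-transfer access log.

Added example: not Secureworks' or any vendor's code. The log format below
is an assumption made for illustration, not a real product's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample log: "<ISO-8601 UTC> <account> <upload|download|delete> <path> <bytes>".
# The svc_web burst on 2023-05-30 is the behaviour we want to catch.
SAMPLE_LOG = """\
2023-05-20T08:00:00Z alice upload /hr/benefits_2023.csv 409600
2023-05-20T08:01:00Z alice upload /hr/employee_list.csv 102400
2023-05-21T10:00:00Z carol upload /legal/contracts.zip 52428800
2023-05-28T01:02:10Z alice upload /hr/payroll_may.csv 204800
2023-05-28T01:05:44Z bob upload /finance/q2_forecast.xlsx 51200
2023-05-29T09:14:03Z alice download /hr/payroll_may.csv 204800
2023-05-29T17:30:00Z bob delete /finance/q2_forecast.xlsx 0
2023-05-30T03:11:01Z svc_web download /hr/payroll_may.csv 204800
2023-05-30T03:11:02Z svc_web download /hr/benefits_2023.csv 409600
2023-05-30T03:11:03Z svc_web download /legal/contracts.zip 52428800
2023-05-30T03:11:05Z svc_web download /hr/employee_list.csv 102400
"""


class Event(NamedTuple):
    ts: datetime
    user: str
    action: str
    path: str
    size: int


def parse_ts(s: str) -> datetime:
    """Parse the UTC timestamp used in the constructed log."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_log(text: str) -> list[Event]:
    """Turn the whitespace-separated log into time-ordered Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, user, action, path, size = line.split()
        events.append(Event(parse_ts(when), user, action, path, int(size)))
    return sorted(events, key=lambda e: e.ts)


def files_present(events: list[Event], start: datetime, end: datetime) -> set[str]:
    """Files that existed on the service at any moment in [start, end].

    That is everything present when the window opened plus anything uploaded
    during it. A deletion inside the window does not remove a file from the
    answer, because the file was exposed for part of the window.
    """
    present: set[str] = set()
    for e in events:                      # replay history up to the window start
        if e.ts >= start:
            break
        if e.action == "upload":
            present.add(e.path)
        elif e.action == "delete":
            present.discard(e.path)
    exposed = set(present)
    for e in events:                      # add anything that arrived during the window
        if start <= e.ts <= end and e.action == "upload":
            exposed.add(e.path)
    return exposed


def flag_bulk_downloads(events: list[Event], window: timedelta = timedelta(minutes=10),
                        max_files: int = 3, max_bytes: int = 10 * 1024 * 1024) -> list[tuple]:
    """Per-account sliding window over download events.

    An alert (user, first_ts, last_ts, file_count, total_bytes) is raised when
    one account pulls more than max_files files or more than max_bytes within
    `window`; the account's window is then reset so one burst yields one alert.
    Thresholds are assumptions; tune them to each account's normal volume.
    """
    recent: dict[str, list[Event]] = defaultdict(list)
    alerts: list[tuple] = []
    for e in events:
        if e.action != "download":
            continue
        q = recent[e.user]
        q.append(e)
        while q and e.ts - q[0].ts > window:   # drop downloads older than the window
            q.pop(0)
        total = sum(x.size for x in q)
        if len(q) > max_files or total > max_bytes:
            alerts.append((e.user, q[0].ts, e.ts, len(q), total))
            q.clear()
    return alerts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for user, first, last, n, total in flag_bulk_downloads(events):
        print(f"ALERT {user}: {n} files / {total} bytes between {first} and {last}")
    day = (parse_ts("2023-05-30T00:00:00Z"), parse_ts("2023-05-30T23:59:59Z"))
    print("Files exposed on 2023-05-30:", sorted(files_present(events, *day)))
```

Run as is, the script reports one alert for svc_web (three files, about 50 MB, within three seconds) and lists the four files that were on the service on 2023-05-30; the forecast spreadsheet deleted the day before is correctly absent, which is the retention-policy point made above. In production the same two functions would be fed from the service's real audit trail and the thresholds set per account from a baseline.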

Download the Secureworks State of the Threat report for more advice on securing your most valuable business assets.

© 2024 SecureWorks, Inc. All rights reserved.
