| Customers: Rosgeo Contractors: F.A.C.C.T. (formerly Group-IB in Russia) Product: Group-IB Threat Hunting Framework (formerly Threat Detection Service, TDS) Project date: 2021/03 - 2021/08 |
2021: Group-IB Threat Hunting Framework Implementation
On September 16, 2021, Group-IB announced that, together with the Russian geological holding Rosgeologia, it had put into commercial operation the Group-IB Threat Hunting Framework (THF), a solution designed to protect enterprise infrastructure from cyber threats. The Group-IB solution had already made it possible to stop and contain a targeted attack on the state-owned company, presumably carried out by a foreign state. Earlier, Group-IB had reported that in the first half of 2021 almost three times as many attacks on critical infrastructure were recorded in Russia as in the whole of 2019.
Digitalization of subsoil use is one of Rosgeologia's main priorities. The holding actively introduces digital technologies and pays particular attention to cybersecurity and to protecting its intellectual property related to geological exploration work carried out for Russian and foreign subsoil users. As a preventive measure to protect its IT infrastructure from targeted attacks, ensure the continuity of production processes and keep equipment from failing as a result of cyber incidents, the state-owned company deployed Group-IB's Threat Hunting Framework in pilot mode at the end of 2020 for proactive threat hunting both inside the organization's perimeter and beyond it.
By protecting large industrial facilities, THF reduces the costs of enterprise downtime caused by a cyber attack and lowers operating costs by partially automating incident response and investigation tasks. By correlating disparate telemetry alerts from different parts of the infrastructure, automatically grouping them into incidents, prioritizing them, and providing rapid response capabilities from a single interface, THF significantly increases the efficiency of the information security team.
In March 2021, the THF system recorded a suspicious intrusion into Rosgeologia's protected perimeter, and the data was passed to CERT-GIB, Group-IB's 24-hour Information Security Incident Response Center. Group-IB specialists established that the attackers had compromised the mail server and were attempting to launch a malicious program. Having received the necessary information about the attack, Rosgeologia's security service promptly contained and eliminated the threat.
| The emergence of various cyber threats and the spread of malicious software set new tasks for us in the field of cybersecurity, said Stanislav Ignatov, Director of the Information Security Department of Rosgeologia. Stable and continuous operation of the holding depends on reliability, including that of its digital frontiers. It is not enough simply to install a cybersecurity solution. It should provide the ability to collect data to investigate an incident, identify the causes of its occurrence, attribute attacks to attackers and determine their motives. Thanks to the Group-IB solution, we were able to quickly repel a targeted attack without significant consequences for the holding. |
| Combating targeted attacks requires an integrated approach that includes analysis of network traffic and malicious behaviour, protection of software and email, automation of response processes and proactive threat hunting, confirmed Nikita Kislitsin, Head of Network Security at Group-IB. We are pleased that our Threat Hunting Framework solution has successfully passed the pilot operation phase and has been implemented to protect such a multidisciplinary client as Rosgeologia. It is important that the holding takes a proactive position and regularly conducts a detailed analysis of the cyber threats characteristic of the industry. |
