Advanced Business Solutions MENA FZCO

ABS (Advanced Business Solutions) is the leading company in providing the latest technology in the IT-S https://g.page/ABS-Mena?gm

Advanced Business Solutions, based in Silicon Oasis, Dubai, UAE, is an IT security industry provider and value-added distributor throughout the MENA region. We specialize in working with organizations of all sizes by deploying world-class IT security solutions and support. Our agile business model offers 24/7 communication with our team members and extensive channel partners who reside in all time zones. No matter what your company requires, our staff and partners are ready to troubleshoot and safeguard your network. We serve the entire MENA region, relying on our strong channel partners. We are always looking to expand our partner network, so if you are interested, please contact us to set up a meeting. Advanced Business Solutions' mission is to exceed your expectations while providing you advanced security encryption at competitive prices. ABS MENA is proud to be a regional distributor for major, well-known brands such as Webroot, SpamTitan, Quarri, Safetica, Network Box and Infowatch.

Check out ABS-MENA Advanced Business Solutions MENA on Google!

23/03/2026

Sangfor has announced the official launch of its new Technical Support Center (TAC) in Cairo, Egypt.

The center will serve as a dedicated regional support hub, helping companies in the Middle East and Africa by providing fast, reliable after-sales technical support in both Arabic and English.

#Sangfor

29/11/2024

HUMAN ERROR CAUSES TERROR IN A HEALTHCARE ATTACK
A private medical facility fell victim to a STOP/Djvu ransomware attack.

The customer contacted the Sangfor Cyber Guardian IR team three hours after detecting this worrying issue, allowing us to preserve all system logs before they could be overwritten.
The IR investigation found that the attack originated because of a lapse in judgment by a member of the IT staff.

The staff member had downloaded printing software from an untrusted source onto a computer that had Windows Defender disabled and no antivirus installed.

This was done to avoid interference with testing activities.
The downloaded file turned out to be malicious and led to ransomware encryption that spread to shared folders on the network.
Fortunately, the damage was limited to three machines, as all other computers were protected by Sangfor Endpoint Secure.

LESSONS LEARNED
- Conduct regular cybersecurity awareness training, including the reminder to download software only from trusted and official sources.

- Ensure endpoint security like Sangfor Endpoint Secure is deployed and enabled on all machines on the network and configured to receive the latest signature updates.

- Segregate and isolate test environments from the primary network if they don’t comply with all security policies.

Always remember
SANGFOR CYBER GUARDIAN MDR - Faster Response Through Human/AI Collaboration
SANGFOR CYBER GUARDIAN TIARA - Intel-led Threat Analysis and Assessment
SANGFOR ENDPOINT SECURE - The Future of Endpoint Security




30/10/2024

FAKE IT TILL YOU MAKE IT

A large manufacturing company was the target of a Mallox ransomware attack that "encrypted" a large number of files on a single computer with Sangfor Endpoint Secure installed.
Multiple system logs had been overwritten by newer logs, preventing the discovery of the entry point.

A closer examination revealed that "encrypted" files were merely renamed with the extension ".FARGO4" instead of actually being encrypted.

The affected files were still readable and intact after the extension was removed.

Sangfor Endpoint Secure logs showed that it had blocked the ransomware encryption process and captured the payload file.
We believe that the failed encryption forced the attackers to resort to mass-renaming the files in an attempt to simulate a ransomware attack and extract a ransom payment.

LESSONS LEARNED

- Conduct periodic VAPT like Sangfor Cyber Guardian TIARA service to identify and fix potential security gaps that could be exploited for initial access.

- The customer was in the process of establishing their own security operations center (SOC). Consider subscribing to a managed security service like Sangfor Cyber Guardian MDR to minimize the initial investment and gain expert support.

29/09/2024

NOESCAPE ON OIL & GAS COMPANY

An APAC-based oil and gas producer was compromised by the NoEscape ransomware.

Fortunately, the attack was limited to a single section of the company's network, thanks to an effective network segmentation strategy in place.
However, we discovered that all Windows logs had been completely erased on two servers, and that web application log entries for specific dates had also been erased.

We deployed Sangfor Endpoint Secure to speed up the IR investigation and successfully located the malicious files left by the hacker.

We concluded that the root cause of the attack was the exploitation of an unpatched web application vulnerability.
It’s unknown why the customer’s endpoint security product failed to block malicious files used in the attack despite being up to date.

LESSONS LEARNED
- Establish standard vulnerability management practices to ensure the timely discovery and remediation of vulnerabilities.
- Conduct periodic VAPT like Sangfor Cyber Guardian TIARA service to test the effectiveness of endpoint security controls.
- Implement effective network segmentation using products like Sangfor Network Secure firewall to limit damage to one section of the network in the event of a breach.

30/08/2024

SPEAR-PHISHING ALERT: EMAIL FROM AN UNKNOWN "CUSTOMER"

An employee at a manufacturing firm received an email containing a screenshot of a payment receipt, believing it to be from a customer.

However, clicking on the screenshot redirected the user to a gambling website. Worried that this could lead to a malware infection, the company enlisted the services of Sangfor Guardian IR for an investigation.

Fortunately, we found no evidence of harmful files or unauthorized access on the affected computer or within the network.

Further investigation indicated that the email was sent from a foreign payment processing company whose website had been compromised.
It’s likely that this company's email domain was also compromised and used to send spear-phishing emails, as the attached payment receipt showed signs that it was specially crafted.

LESSONS LEARNED

- Block embedded hyperlinks or redirect links, such as href, within emails.

- Conduct staff awareness training to raise caution with emails that have a suspicious context, such as payment receipts with no prior transactions or communications.

- Report unknown or suspicious emails to the security/IT team for investigation.

- Avoid publicly sharing staff email addresses on the internet or web pages.

31/07/2024

WEBSITE DEFACEMENT BY SODINOKIBI

The website of a government organization was redirected to gambling and adult content sites when accessed via Google search because of DNS poisoning and cross-site scripting (XSS) attacks.

Management of the website was outsourced, so internal staff lacked knowledge about web security or the website’s structure and framework to facilitate our analysis.

Despite this, we managed to discover reverse shells on the web server that allow remote control, including file encryption.
These web shells were uploaded through an existing web subpage that was susceptible to SQL injection attacks.
Web service logs show that encoded commands were executed from a foreign IP address two months before.
The website homepage was eventually altered, causing it to constantly redirect visitors to unauthorized websites.

The attack was facilitated by the lack of an Intrusion Prevention System (IPS) on the firewall protecting the website’s infrastructure and the absence of endpoint security on the web server, despite it being a government website.

LESSONS LEARNED
- Conduct periodic VAPT like Sangfor Cyber Guardian TIARA service to identify and remediate web application vulnerabilities, such as SQL injection.

- Deploy endpoint security solutions that prevent and mitigate termination, such as Sangfor Endpoint Secure with termination detection and uninstallation password.

- Deploy an endpoint security solution equipped to defend against web shells, such as Sangfor Endpoint Secure.

- Deploy an advanced firewall with IPS and WAF capabilities such as Sangfor Network Secure to block web attacks.

30/06/2024

PHOBOS RANSOMWARE MAKES A COMEBACK

Phobos ransomware wreaked havoc from when it emerged in 2018 until Q3 of 2022.

The infamous ransomware re-emerged in mid-2023, adopted by several APT groups.
Sangfor Cyber Guardian IR was engaged to handle an attack on a large retail organization.
Despite the deletion of key system logs, we were able to analyze the remaining data to understand the attacker's methods.
Our investigation revealed a multi-pronged attack that included stealing credentials, disabling AV/EDR, mapping the network, and exploiting Windows installer files.

We also found leftover files produced by Mimikatz, a tool commonly used for password extraction, indicating that the attacker managed to access sensitive login credentials.

Our Cyber Guardian IR team concluded that infiltration was successful because the AV was disabled, there were no network monitoring tools to detect command-and-control communications, and there was no active security monitoring to detect this event and stop it in time.

LESSONS LEARNED

- Require users to change account passwords on a regular basis, with strong password requirements.

- Deploy endpoint security solutions that prevent or mitigate termination, such as Sangfor Endpoint Secure with termination detection and uninstallation password.

- Subscribe to Cyber Guardian MDR to monitor hundreds of IT assets on a 24x7 basis.

- Duplicate critical server backups and logs in a segmented network.

29/05/2024

ANOTHER DAY WITH LOCKBIT 3.0
A government-regulated financial services institution fell victim to a LockBit 3.0 ransomware attack.

This required a full incident response service, including a special arrangement to deploy Sangfor HCI to capture an image of the impacted system to preserve its integrity, as mandated by local financial regulators.
During the investigation, we found multiple tools on the compromised machine used to carry out the attack, including host discovery tools and PSExec remote connection software.

We also discovered that the 3rd party antivirus software on the machine was disabled.

Sangfor Cyber Guardian IR experts finally traced the attack back to a computer owned by one of the company’s IT maintenance providers, prompting the customer to take over the investigation.

LESSONS LEARNED

- Enable 2FA/MFA and continuously monitor the remote access of all suppliers and other third parties.
- Deploy network monitoring tools like Sangfor Cyber Command to detect irregular traffic patterns, even from trusted sources like suppliers.
- Deploy endpoint security solutions that offer mechanisms to prevent or mitigate termination, such as Sangfor Endpoint Secure with uninstallation password.
- Duplicate critical servers and logs in a segmented network to prepare for regulatory requirements ahead of potential incidents.

29/04/2024

IOT VULNERABILITIES EXPLOITED IN THE WILD

A multinational logistics company experienced a security breach involving the TellYouThePass ransomware.

The entry point for the attack was an IoT device with numerous security vulnerabilities.
These vulnerabilities granted the attacker remote access to the company's network and devices.
We discovered several unencrypted JavaScript web shells, which spread the ransomware via remote desktop connections (RDP).

Because the attacker had encrypted the web service logs, some forensic data was unavailable. However, the Sangfor Cyber Guardian IR team identified and verified the IoT device's flaws by exploiting a remote upload vulnerability using publicly available test scripts against it. It's worth noting that another branch of the same company was breached seven months prior via another unpatched vulnerability.
This highlights the importance of timely patching and uniform security policies across branches.

LESSONS LEARNED
- Deploy security tools with dedicated IoT protection, such as the Sangfor Network Secure (formerly NGAF) firewall.

- Deploy network monitoring tools like Sangfor Cyber Command to detect irregular traffic patterns, such as malicious RDP connections.

- Conduct VAPT or leverage the Sangfor Cyber Guardian TIARA service to detect and remediate IoT vulnerabilities.

- Store service logs in a separate environment or solution.

- Continually update corporate IT and security policies and ensure they are applied uniformly across all branches.

31/03/2024

RESOURCE CONSTRAINTS AND MISSED NOTIFICATIONS ENABLED A RANSOMWARE ATTACK

A construction conglomerate using Sangfor Cyber Command was hit by an unidentified ransomware group. Our investigation revealed that Cyber Command had detected reconnaissance activity 6 months prior to the breach.

However, due to limited staff dedicated to continuous monitoring and improperly set alert notifications, timely action wasn’t taken.

Incomplete web service logs caused by an internal configuration error further complicated the situation.

Despite this, we traced the attacker's techniques using data gathered by Cyber Command and found they exploited a vulnerability in a third-party tool. This tool enabled the attacker to upload encrypted web shells.
We also identified the exploitation script through open-source intelligence (OSINT).
The attack was partly facilitated because the company's 3rd party endpoint security software was not equipped to defend against web shells and ransomware.

LESSONS LEARNED

- Subscribe to a managed security service like Sangfor Cyber Guardian MDR for 24x7 monitoring and immediate response to suspicious activity and successful attacks.

- Deploy an endpoint security solution equipped to defend against web shells and ransomware, such as Sangfor Endpoint Secure.

- Conduct periodic VAPT, such as Sangfor Cyber Guardian TIARA service, to detect and remediate web application vulnerabilities.

- Expand the storage size of web service logs to cover the regulatory data retention period or at least 1 year, whichever is longer, to facilitate investigations.




Address

Dubai Silicon Oasis
Dubai
P.O. Box 341270

Opening Hours

Monday 09:00 - 17:00
Tuesday 09:00 - 17:00
Wednesday 09:00 - 17:00
Thursday 09:00 - 17:00
Saturday 09:00 - 17:00
Sunday 09:00 - 17:00

Telephone

+97143886997
