Post by CyberCX
🎤 At Splunk Go Sydney, CyberCX Security Operations Centre (SOC) Manager Fariha Uddin gave a behind-the-scenes look at a real-life Bumblebee malware incident and the SOC tradecraft required to spot similar campaigns before they become full-scale crises. "The initial compromise happened from a trojanised VMware administration tool, RVTools, downloaded from an SEO-poisoned search result," Fariha explained. She said the trojanised application blended in using living-off-the-land techniques: "The RVTools installer kicked off the Bumblebee loader execution, achieved by a DLL side-loading technique, subsequently leading to a domain generation algorithm (DGA) to establish communication with the command-and-control server." Fariha added that CyberCX's SOC team were able to quickly identify the threat and quarantine the device using Splunk SOAR (Security Orchestration, Automation, and Response), a platform designed to enhance security operations by automating repetitive tasks, orchestrating workflows, and enabling faster responses to threats.
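As an added example (not code from CyberCX or from the talk), a small Python heuristic for the DGA stage of the chain described above: it scores the registrable label of each queried domain by length, entropy and vowel ratio, then groups hits by host and process so a burst of machine-looking lookups from one binary stands out as a quarantine candidate. The log layout, field names, process names and thresholds are all constructed assumptions.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample DNS query log (not data from the incident); the key=value layout is assumed.
SAMPLE_DNS_LOG = """\
2024-05-20T10:01:02Z host=WKS01 proc=installer.exe query=download.example.com
2024-05-20T10:01:05Z host=WKS01 proc=installer.exe query=xk7qzp2wd9fjr.net
2024-05-20T10:01:06Z host=WKS01 proc=installer.exe query=qv83mzlt0hwcb.com
2024-05-20T10:01:09Z host=WKS01 proc=browser.exe query=www.linkedin.com
2024-05-20T10:01:11Z host=WKS01 proc=installer.exe query=p9rtn4xvk2ydg.org
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) query=(?P<query>\S+)$")

def shannon_entropy(label: str) -> float:
    """Bits of entropy per character of one domain label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values()) if n else 0.0

def looks_like_dga(domain: str) -> bool:
    """Long, high-entropy, nearly vowel-free registrable label: the shape of
    algorithmically generated names. Thresholds are tuning assumptions."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2 or not labels[-2]:
        return False
    sld = labels[-2]
    vowel_ratio = sum(ch in "aeiou" for ch in sld) / len(sld)
    return len(sld) >= 10 and shannon_entropy(sld) >= 3.0 and vowel_ratio < 0.2

def parse_dns_log(text: str) -> list[dict]:
    """One dict per well-formed line; malformed lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def flag_dga_sources(records: list[dict], min_hits: int = 3) -> dict:
    """Group DGA-like lookups by (host, process); a burst from one process is
    the escalation signal, a single odd name usually is not."""
    hits = defaultdict(list)
    for r in records:
        if looks_like_dga(r["query"]):
            hits[(r["host"], r["proc"])].append(r["query"])
    return {k: v for k, v in hits.items() if len(v) >= min_hits}

if __name__ == "__main__":
    for (host, proc), domains in flag_dga_sources(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{host} {proc}: {len(domains)} DGA-like lookups -> quarantine candidate")
```

In a SOAR playbook the grouped result is the natural trigger: a process exceeding `min_hits` within a short window feeds the host-isolation action rather than a single lookup.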