March, 2020 — We recently had a Malicious Operation (Malop) pop up for one of our MSP Partners' small business clients and it turned out to be a true hit, with malicious PowerShell on a couple of hosts with RDP (port 3389) open to the internet. Our Malware Prevention thankfully blocked the malicious payloads, but something was still going on that needed to be tracked down and remediated.
Posted on March 17, 2020