
From Detection to Response: The Power of Awareness and Intelligent Defense


By Emmanouil Timoleon Papadakis - Threat Detection Engineering Team Lead and Aristovoulos Gkitsas - SOC Team Lead, of ADACOM – Cybermonth October 2025

In today’s dynamic cybersecurity landscape, threat intelligence, threat detection, and Security Operations Center (SOC) procedures work coherently to form a robust defense against increasingly sophisticated cyber threats. The interplay between these components creates a proactive and adaptive security posture essential for modern organizations. 
 
Threat Detection Research 

Traditional signature-based detection methods, while useful as a baseline to understand a security solution’s capabilities, have become insufficient given the complexity, speed, and variety of attack vectors in today’s landscape. When detection rules are enriched with vetted threat intelligence, they gain the ability to more accurately distinguish true threats from false positives that might stem from outdated vendor IoCs. 
  
Continuous adversary emulation exercises, along with Research and Development (R&D), also play a critical role in understanding the threat landscape and training both the Threat Detection Engineering Department and SOC staff. This preemptive approach reduces alert fatigue for SOC analysts and improves the overall precision of detection, leading to faster, more confident, and more effective incident handling. 

Security Operations Center Procedures 

In our SOC, we orchestrate people, processes, and technologies to deliver continuous monitoring, threat hunting, and immediate threat mitigation. Through our procedures, we bring threat intelligence to the operational level by automating data ingestion into SIEM and SOAR technologies. This enables faster and more accurate incident analysis, accelerates triage and containment, and allows analysts to focus on complex investigations. 
Regular training and continuous improvement, through vendor-driven courses, cybersecurity training platforms, certifications, as well as organized training sessions led by senior analysts, ensure the team maintains the skills necessary to address today’s fast-evolving and complex threat landscape. 
 
“Direct Send” Case Study 

Earlier this year, in June, Varonis uncovered a massive phishing campaign that exploited Microsoft’s Direct Send feature (used for sending emails directly to mailboxes from a domain you own without requiring user or on-premises connector authentication). Realizing the scope of the attack, our team immediately acted across multiple fronts. 
 
ADACOM’s Orchestration 

Based on threat intelligence feeds and the initial disclosure, the Threat Detection Engineering Team first attempted to recreate the attack to understand and then detect it from the logs collected by affected machines. 
  
The abuse of Direct Send allowed attackers to spoof internal users and deliver phishing emails without first compromising an account. This technique was often paired with malicious QR codes, encouraging users to scan them in an attempt to bypass traditional link inspection defenses provided by Secure Email Gateway (SEG) solutions. 
  
After analyzing the attack, ADACOM’s Threat Detection Engineering Team observed that attackers could send spoofed emails to internal users that appeared to originate from legitimate internal addresses, even though the actual sender was unauthenticated. The only requirement was knowledge of the SMTP Smart Host that accepts emails from external hosts. Following refinement and tuning, the detection rule was finalized and deployed to production. 
 
Recognizing the severity and deceptive nature of the attack, which could fool even well-trained end users, we immediately categorized its criticality as “High”. Using the newly created detection rules and IoCs, our SOC Team performed a retrospective Threat Hunt across our clients’ infrastructures. As a result, we identified multiple vulnerable clients and provided them with the relevant incident information, along with recommended immediate actions to mitigate the attack and prevent similar attack vectors in the future.
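As an added illustration of the detection logic described above (example code written for this article, not ADACOM’s production rule), the following Python flags messages whose From address claims the organisation’s own domain but that arrived from an IP outside the organisation’s connector ranges without a DKIM or DMARC pass for that domain. The internal domain, the IP ranges and the message-trace records are constructed assumptions.

```python
import ipaddress
import re

# Assumptions for this example: the organisation's own mail domain and the
# IP ranges of its authorised connectors/relays. Adjust to the real tenant.
INTERNAL_DOMAIN = "example.com"
INTERNAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed message-trace style records (not real logs): header From,
# connecting client IP and an RFC 8601 Authentication-Results string.
SAMPLE_RECORDS = [
    {"from": "IT Helpdesk <it-helpdesk@example.com>", "client_ip": "203.0.113.10",
     "auth": "spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass"},
    {"from": "newsletter@vendor.test", "client_ip": "198.51.100.25",
     "auth": "spf=pass smtp.mailfrom=vendor.test; dkim=pass header.d=vendor.test; dmarc=pass"},
    # The Direct Send pattern: internal sender address, external source, no valid auth.
    {"from": "CEO <ceo@example.com>", "client_ip": "198.51.100.77",
     "auth": "spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail"},
]

VERDICT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
DKIM_DOMAIN_RE = re.compile(r"header\.d=([\w.-]+)")

def sender_domain(from_header: str) -> str:
    """Return the domain of the address in a From header, ignoring any display name."""
    addr = from_header.strip().rstrip(">").rsplit("<", 1)[-1]
    return addr.rsplit("@", 1)[-1].lower()

def is_internal_ip(ip: str) -> bool:
    """True when the connecting IP belongs to one of the organisation's own ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def is_suspected_direct_send_spoof(rec: dict) -> bool:
    """Internal From domain + external client IP + no DKIM/DMARC pass for our domain."""
    if sender_domain(rec["from"]) != INTERNAL_DOMAIN or is_internal_ip(rec["client_ip"]):
        return False
    auth = rec["auth"].lower()
    verdicts = dict(VERDICT_RE.findall(auth))
    dkim_dom = DKIM_DOMAIN_RE.search(auth)
    dkim_ok = verdicts.get("dkim") == "pass" and dkim_dom is not None \
        and dkim_dom.group(1) == INTERNAL_DOMAIN
    dmarc_ok = verdicts.get("dmarc") == "pass"
    return not (dkim_ok or dmarc_ok)

def find_spoofed(records) -> list:
    """Return the From headers of records matching the spoof pattern."""
    return [r["from"] for r in records if is_suspected_direct_send_spoof(r)]

if __name__ == "__main__":
    for sender in find_spoofed(SAMPLE_RECORDS):
        print("suspected Direct Send spoof:", sender)
```

Only the third constructed record is flagged; a legitimately signed internal message relayed from an external service would still pass on its DKIM/DMARC result, which keeps the rule from firing on authorised third-party senders.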
  
Awareness as a Security Principle 

As this case demonstrates, even legitimate vendor tools designed to assist users can be manipulated into stealthy and convincing attacks. Beyond remediating the immediate threat, our SOC team emphasized the importance of user awareness and a zero-trust mindset to reduce the likelihood of similar attacks succeeding in the future. 

For more information, contact us at info@adacom.com