Our team was contacted by one of the largest players in the gig economy, which provides an online platform for placing orders for transportation services.
Our client was the victim of a ransomware email attack after hackers gained access to and control of a number of sensitive company databases. They threatened to compromise external services and corrupt data.
We were asked to become part of a remote international incident response team consisting of various cybersecurity experts with different backgrounds and skill sets from around the world.
CUSTOMER REQUIREMENTS
The challenge for our team was multifaceted:
KEY STEPS
Over the course of three weeks, three teams working in 8-hour shifts followed a unified plan with delegated tasks and provided real-time status updates for incident management. To successfully resolve the incident, we performed several types of work:
FEATURES
During the investigation, we found both traces of the attackers' actions and numerous errors in the security system configuration that could have led to a potential compromise. After conducting a full-scale assessment of the compromise of the client's infrastructure, we prepared a detailed report and provided recommendations for improving the client's cyber resilience.
Wi-Fi hacking scenario:
Here, the scenario boils down to standing up a rogue access point with a fake captive portal, DoS-attacking the legitimate access point so clients reconnect to the rogue one, and using the fake portal to harvest login credentials for the corporate WPA network.
With a coordinated team response, we improved visibility into the cyber incident that occurred and allowed our client to manage the response with more control, greater efficiency, and reduced time between detection and remediation. During the investigation, we identified numerous critical misconfigurations that could have been used by attackers as entry points. We hardened the system, which allowed us to restore normal operations, and informed our client about which systems were compromised.
All findings were documented along with proposed remediation actions in accordance with cybersecurity best practices.