Infopercept Briefings:
We, Infopercept, are a leading Managed Security Services Provider. We advise our clients on measures to strengthen their cyber security; cyber security crisis management and rapid incident response are among the key areas we address.
We have prepared this case study to show how a breach occurs, how incident response teams respond, and what remedial actions follow. It is based on real events, but because of the sensitive nature of the incident, names have been concealed and certain facts about the company have been fictionalized.
A financial company offering banking and credit card services is headquartered in the Middle East, with branches across several cities. A major merger was under discussion. On a Wednesday afternoon, just before a three-day weekend, the CIO received a ransom email from an unknown party claiming to know about the merger plans and to hold the personal data of more than 200,000 (2 lakh) customers.
As a sample, the private details of five hundred customers were attached to the ransom email as "proof". The threat: unless a large ransom was paid in Bitcoin, they would leak the merger plans and sell the customer information. Along with a law firm, Infopercept was appointed as Managed Security Services Provider to manage and advise on the incident response. We started work immediately, supported by specialist teams, to assess the credibility and severity of the threat.
As a first step, our "Security Optimization Centre" was tasked with validating the threat. We found a thread on a hacker forum on the dark net advertising the personal information of 200,000 account holders of our client, with the personal details of 500 customers posted as proof.
"To catch a thief you must think like a thief" is an age-old saying.
Infopercept's RED TEAM works on that proverb. Simple as it is, it is the core of Infopercept's strategy, and it is put into practice as soon as the security audit is completed.
The RED TEAM members are our ethical hacking consultants: experts who test various aspects of an organization's network in order to identify and resolve vulnerabilities.
Our team moved into action, and within a few hours had captured and preserved the relevant server logs. Only then was the malware, which was still active on the client's network, identified and neutralized, so the evidence was secured before containment altered the systems; a larger crisis was averted and further damage prevented.
While this was underway, the communication channels used between the client, the lawyers and the forensic analysts were also secured.
After thorough analysis of the sample data, we concluded that it was indeed the client's data and that a breach had occurred.
Further analysis of the server logs showed that in reality only the personal data records of 500 customers had been taken and the rest of the data was intact. This also raised doubts about whether the attackers had any reliable information about the merger.
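As an added illustration of the two checks described above (this is not Infopercept's tooling and not the real data), the Python below matches a leaked sample against internal customer records after normalizing email addresses and phone numbers, then counts the distinct records exported from a suspicious source in an application export log and compares that with the attacker's claimed figure. The sample rows, customer table, log format, source address and phone normalization rule are all constructed assumptions.

```python
"""Added example (not Infopercept's tooling): validate a ransom-note sample against
internal records and scope the exposure from access logs.

All data below is constructed for illustration; the field names, the log format,
the suspicious source address and the phone rule are assumptions, not facts
from the case study.
"""
import re

# Constructed: a few rows of the "proof" sample attached to the ransom email.
LEAKED_SAMPLE = [
    {"name": "Alice Example", "email": "ALICE@example.com", "phone": "+971 50 123 4567"},
    {"name": "Bob Example", "email": "bob@example.com", "phone": "050-765-4321"},
    {"name": "Carol Nobody", "email": "carol@example.net", "phone": "0501112222"},  # padding, not a customer
]

# Constructed: the client's customer master, keyed by customer id.
CUSTOMERS = {
    "C001": {"name": "Alice Example", "email": "alice@example.com", "phone": "0501234567"},
    "C002": {"name": "Bob Example", "email": "bob@example.com", "phone": "0507654321"},
    "C003": {"name": "Dave Example", "email": "dave@example.com", "phone": "0509998888"},
}

# Constructed application export log, one line per bulk export request.
# Assumed format: <timestamp> <user> <src_ip> EXPORT ids=<comma-separated customer ids>
EXPORT_LOG = """\
2024-01-10T14:02:11Z svc_report 10.0.5.20 EXPORT ids=C001,C002
2024-01-10T14:03:40Z svc_report 10.0.5.20 EXPORT ids=C003
2024-01-10T23:15:02Z webadmin 203.0.113.7 EXPORT ids=C001,C002
2024-01-10T23:16:45Z webadmin 203.0.113.7 EXPORT ids=C002
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<ip>\S+) EXPORT ids=(?P<ids>[\w,]+)$")


def normalize_email(e: str) -> str:
    return e.strip().lower()


def normalize_phone(p: str) -> str:
    # Digits only; fold an international 971 prefix to the local 0 form
    # (assumption: UAE-style numbers) so both spellings compare equal.
    digits = re.sub(r"\D", "", p)
    if digits.startswith("971"):
        digits = "0" + digits[3:]
    return digits


def index_customers(customers):
    """Lookup tables so each leaked row costs one dictionary probe."""
    by_email = {normalize_email(c["email"]): cid for cid, c in customers.items()}
    by_phone = {normalize_phone(c["phone"]): cid for cid, c in customers.items()}
    return by_email, by_phone


def match_sample(sample, customers):
    """Return (matched customer ids, unmatched rows).

    A high match rate confirms the sample is genuine client data; unmatched
    rows point to padding or to a different source than the client's systems.
    """
    by_email, by_phone = index_customers(customers)
    matched, unmatched = set(), []
    for row in sample:
        cid = by_email.get(normalize_email(row["email"])) or by_phone.get(normalize_phone(row["phone"]))
        if cid is None:
            unmatched.append(row)
        else:
            matched.add(cid)
    return matched, unmatched


def scope_exports(log_text, suspicious_ips):
    """Distinct customer ids exported from the suspicious source(s); lines the
    regex cannot parse are returned separately so they are reviewed, not dropped."""
    exported, unparsed = set(), []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        if m["ip"] in suspicious_ips:
            exported.update(m["ids"].split(","))
    return exported, unparsed


def assess(claimed_count, matched, exported):
    """Compare the attacker's claim with what the evidence supports.

    sample_outside_export lists sample rows the logs cannot account for; if it is
    non-empty there is an exfiltration path the logs did not capture.
    """
    return {
        "sample_genuine": bool(matched),
        "sample_outside_export": sorted(matched - exported),
        "records_evidenced": len(exported),
        "claim_supported": len(exported) >= claimed_count,
    }


if __name__ == "__main__":
    matched, unmatched = match_sample(LEAKED_SAMPLE, CUSTOMERS)
    exported, unparsed = scope_exports(EXPORT_LOG, {"203.0.113.7"})
    print(assess(200_000, matched, exported), "unmatched rows:", len(unmatched))
```

The important design point is the last check: a genuine sample only proves that some records left the building, not how many. The claimed count is only supported when the logs evidence at least that many distinct records, and any sample row that the logs cannot explain means the scoping is incomplete and the logs of some other system still need to be pulled.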
Even as the security team was securing the network, another team began drafting and implementing guidelines for the communications and reports that had to be produced. Immediate action was taken to notify the relevant authorities, the 500 affected customers, other staff members and so on.
It had become clear that, apart from the data of the 500 customers, the attackers held no other data and no information about the upcoming merger. With the consensus of the company, the legal team and ourselves, it was decided not to pay the ransom.
Action still had to be taken regarding the leaked data. Because it contained customers' names, contact details, email addresses and so on, it was decided to inform them of the breach and caution them against fraudulent emails or calls that could now use those details. The customer care executives were also briefed and prepared to handle related queries.
A press conference was held and the relevant details were released. The concerned authorities, such as the monetary authority and the administrative authority, were briefed within 24 hours of receipt of the ransom email, before the customers were informed of the breach.
We wanted the line of communication to be transparent from the beginning to the end of the investigation, so that the legal team, the security team and the government authorities were all on the same page and there was no miscommunication.
We further committed to sharing information among the involved parties, with regular updates. We advised the customers to strengthen their online security, be alert to any unusual activity, and inform the security team of anything suspicious.
Listed below are the findings of our investigation and the answers to the queries raised with us.
After 180 days of work by Infopercept's RED TEAM, BLUE TEAM, GREEN TEAM, PURPLE TEAM and PINK TEAM, our client was extremely satisfied with the result. We were asked to look after their security systems for a year and to set up their SOC, TOC and COC centres. We further advised them to be alert to any suspicious activity and to report it at once to our security team, and we taught them the remedial actions to take in the event of a future attack. To strengthen their network, we asked them to segregate the network used for daily business from the network that stores sensitive data and customer information. We also worked closely with them to reframe their cyber security policies and procedures and to raise awareness among their employees.