An Attempted Heist:
How Ebryx Countered Cybercriminal Group Lazarus

Posted by Editorial Staff

In late 2018, cybercriminals conducted a multimillion-dollar raid on a mid-sized bank. In the chaotic aftermath of that breach, one of the country's largest banking consortiums was compromised by the notorious cybercrime collective Lazarus. Overwhelmed by the group's sophisticated attacks, the consortium faced what seemed like inevitable, massive losses, until its team asked Ebryx to assist.

Defusing the attempted heist

A tense war ensued. The adversary met Ebryx's attempts to protect the client with new attack techniques and patterns: each preventive control was answered with new malware, new target machines and a revised attack path. Our security specialists acted at speed to counter these attacks, predicting the attackers' next moves and blocking them before they could take place.

To completely contain the attack, our analysts had to get to its core. Our incident response investigation identified patient zero as an employee who had been tricked into sitting for a job interview with the attackers. Our Digital Forensics and Incident Response (DFIR) team contained the attackers within a segment of the user LAN and cut off every possible path leading to the consortium's production servers.

Why they chose Ebryx

The banking group knew what was at stake and wanted to engage the best the industry had to offer. The consortium asked several DFIR service providers to assist but found most overpromised and underdelivered. That’s when an expert suggested Ebryx. To test Ebryx’s capability, the group challenged our team to identify the infected machines and produce a forensics report. The expertise and technical detail reflected in the initial test report impressed the consortium, which asked Ebryx to launch a full-scale response to the attack. Not wasting a crucial minute, our analysts dove straight into identifying the problem and isolating the attackers.

A happy ending

With Ebryx's help, the banking consortium successfully contained the attack on its systems. The intrusion exposed gaps in the security posture of the finance network that had previously been unknown to the consortium, along with the areas where it stood to improve. The consortium asked Ebryx to conduct regular incident response drills to train its staff to respond to intrusions and minimize risk. Relieved to have contained the threat but cautious about the future, the banking consortium is now better equipped to respond to future cyberattacks.
