Incident Response

Who is the customer – Law Firm 

  • Law firm located in the financial district in Toronto
  • 50+ Employees
  • Immature Security Posture – Managed by external party
  • First engaged during Crisis Situation

The Challenge

  • Customer was experiencing a ransomware attack by an advanced threat actor who had persistence in the environment.
  • Environment was completely compromised including domain controllers
  • Ransom was requested and claims of data exfiltration were presented to customer
  • Customer required immediate response to resume business operations
  • Customer wanted advice and technical intervention
  • Customer needed to secure domain and ensure eradication of threat actor persistence

Observations

  • Required expert advice on how to better protect digital assets
  • Response was time sensitive
  • Customer logging was inadequate
  • Domain was fully compromised
  • Security solutions were misconfigured and not maintained
  • Previous assistance from their managed IT partner complicated forensic investigation

Solution/Approach  

  • Remote access was provided and access granted to their security solutions
  • We used our third-party tools to complete a forensic investigation and co-ordinate response activities
  • Took immediate steps to contain the issue
  • Identified the threat and threat actor as well as all indicators of compromise
  • Examined network traffic to determine potential data loss exposure
  • Provided expert advice on regulatory requirements and next steps
  • Restored domain and compromised data

Results 

  • Resolved a security breach and eradicated threat  
  • Protected reputation 
  • Provided reporting and full incident breakdown
  • Provided actionable next steps to secure their environment from further attack

Engagement Summary 

  • Exubitech helped the law firm recover from a ransomware attack perpetrated by an advanced threat actor
  • Service Categories – Incident Response, Security Health Check, Security Architecture
  • Responded to, identified and completely eradicated a sophisticated threat within 48 hours of engagement. Completed complex forensics due to lack of logging and discovered toolsets used for compromise, as well as the entire command and control infrastructure of the adversary using threat intelligence and log analysis.

External Network Penetration Test

Customer Profile – Ontario organization in the energy sector

The Challenge

A medium-sized customer with a public presence was concerned about security risks associated with a workforce that was suddenly operating remotely, as well as an increasing trend of ransomware attacks. Exubitech conducted an External Network Penetration Test.

Solution/Approach  

  • Exubi Tech was able to parse the network perimeter to identify areas where sensitive information was being exposed that could be used to gain a foothold on the network
  • We identified realistic security threats and helped the customer identify scenarios where their remote access authentication controls could be bypassed by a malicious actor
  • Additionally, Exubi Tech reviewed controls in place and provided guidance to mitigate risk and reduce impact of ransomware should a single endpoint become compromised
  • As experienced practitioners in both offensive and defensive security programs, we are uniquely positioned to answer questions in all areas of an Information Security program and are happy to discuss and provide guidance in any topic from memory exploits and web application hardening to organizational policies and business continuity planning.

Results 

Improved awareness and understanding of overall security posture

  • We provided confidence in the implementation of remote access solutions and comfort in their remote workforce
  • Clearly identified and articulated risks, and provided guidance to address those risks
  • Provided a detailed report, without jargon or pitches, that highlighted both the good and bad aspects of the organization’s security and how to improve it in the most automated, cost-effective manner.

IT Security & General Support

Customer Profile – The client is a privately owned distributor in the GTA, managing upwards of 100 employees in their location.

The Challenge

The customer’s in-house security resources and practices were not sufficient to meet current and future requirements, especially for a more integrated IT and OT environment.

Development of in-house expertise and tools would take significant time and would not benefit from economies such as sharing of expertise, sharing of experience and immediate access to advanced tools.

Solution/Approach  

Exubi tech Security services helped fill the gap quickly without requiring major investments or commitments, and developed a solution that was tailored to meet the evolving and rapidly changing external threat landscape and customer requirements. Short- and long-term risks for the client were minimized through a Security-as-a-Service strategy in which a rigorous security program complements internal functions.

Exubi tech implemented reasonable administrative, technical and physical safeguards to help protect against security incidents and privacy breaches.

As systems and threats evolve, no system can be protected against all vulnerabilities, and we consider our customers the most important partner in maintaining security and privacy safeguards. Exubi tech continuously strives to improve security and privacy throughout the product lifecycle using practices such as:

• Privacy and Security by Design

• Product and Supplier Risk Assessment

• Vulnerability and Patch Management

• Secure Coding Practices and Analysis

• Vulnerability Scanning and Third-Party Testing

• Access Controls appropriate to Customer Data

• Incident Response

• Clear paths for two-way communication between customers and our client

Results 

Exubi tech consumption support services allowed the client to no longer worry about support calls that go on for longer than necessary because of lack of experience or knowledge. Our support staff have greatly improved the end-user experience, allowing the client’s staff to concentrate on delivering great service to their end user customers, all while reducing risk.
