Cloud email technology offers innumerable advantages over the classic on-premises solution. Unfortunately, it comes with its own trade-offs from a cybersecurity standpoint, as this financial service provider organization discovered.
A cyber criminal was able to gain unauthorized access to a business email account and created a process by which all emails containing Personally Identifiable Information as well as credit card numbers were forwarded to his own personal email account.
The organization was at a critical point: their current cybersecurity provider was unable to provide the assistance needed, and their confidential information was being extracted in front of their eyes. Mjolnir Security was called in to provide a holistic approach in which not only was the current threat resolved, but other existing malicious activity, as yet undetected by the current provider, was also identified. Mjolnir Security provided an Incident Response service to answer the how, what and for how long of the compromise, and implemented a Security Operations Center as a Service (SoCaaS) coupled with Darknet threat intelligence to assess and identify any other existing threats, within the network or outside, that could pose a risk for the organization. The SoCaaS identified evidence of other earlier compromises as well as exfiltrated information on the Darknet, leading the organization to rework their whole cybersecurity solutions and processes.