Scenario: Org2 is a specialist technology company based in the UK. The Org2 IT security operations team responded to an alert from its corporate anti-virus provider that a copy of password stealing malware had been found on three of its domain controllers. This was a serious incident, and an investigation [...]
The use of email cloud technology offers innumerable advantages over the classic on-premises solution. Unfortunately, it comes with its own trade-offs from a cybersecurity standpoint as this financial service provider organization discovered.
A cyber criminal was able to gain unauthorized access to a business email account and created a process that all emails containing Personal Identifiable Information as well as credit card numbers were forwarded to his own personal email account.
The organization was at a critical point, their current cybersecurity provider was unable to provide the assistance needed and their confidential information was being extracted in front of their eyes. Mjolnir Security was called in to provide a holistic approach where not only the current threat was resolved, but also other existing yet undetected by the current provided malicious activity were identified. Mjolnir Security provided an Incident Response service to answer the questions of how, what and for how long for did the compromise occur as well as implemented a Security Operations Center as a Service (SoCaaS) coupled with Darknet threat intelligence to assess and identify any other existing threats, within the network or outside, to could pose a risk for the organization. The SoCaaS identified evidence of other earlier compromises as well as exfiltrated information on the Darknet leading the organization to rework their whole cybersecurity solutions and processes.
Zeus, ZeuS, or Zbot is a Trojan horse malware package that runs on various versions of Microsoft Windows. While it can be used to carry out many malicious and criminal ...