Data Exfiltration & Extortion
Hackers stole a staggering 3TB of data and then presented ransom demands to avoid its publication and distribution on the dark web. The stolen data included personal and sensitive personal information belonging to tens of thousands of individuals.
We devised the response strategy and then brought together a specialist team to seamlessly deliver the remedial action required, which included negotiations with the threat actor, restoration of data from back-up and remediation of the client’s environment, support with an ICO investigation, and notifications to the client’s key customers and stakeholders.
Due to our efforts, the client faced nil claims and no enforcement action.
Finance
DDoS & Supply Chain Compromise
A key member of our client’s supply chain was targeted by hackers who encrypted its systems and launched a DDoS attack on its website when it refused to pay a ransom. The impact on our client was significant across its global customer base.
We engaged with the incident response vendors acting for the supply chain partner to understand the security risk to our client through connected systems and then created a red network to contain any propagation, while hardening controls and stepping up threat hunting on the rest of the environment.
We also checked the extent of third-party processing and data deletion to create a profile of the data subjects likely affected for whom our client had responsibility as controller, and thereafter notified and liaised with the relevant supervisory authorities, while risk assessing and making notifications to individuals as required by law.
Our mitigation steps were highly effective, resulting in just a fortnight’s disruption and no loss of revenue for our client.
Retail
APP Fraud
Our client's emails were intercepted and invoice details manipulated, allowing fraudsters to divert funds during a container leasing transaction between our client, a marine cargo company in the UK, and the counterparty in Latvia.
We secured the client's IT environment and removed the threat actor's presence from it, while simultaneously tracing and successfully recovering 80% of the diverted funds from a network of banks across the UK, Spain, and France.
Transport & Logistics
Software Misconfiguration
We managed the response to a data breach arising from a configuration error on software used to produce statistical analyses from crime occurrence logs. The breach involved the inadvertent disclosure online of highly sensitive and detailed data on sexual offences, including victims and perpetrators.
Key activities included: risk assessing, notifying and counselling the affected individuals, media engagement, representing our client in the regulatory investigation, identification and remediation of the relevant configurations, and advice on improvements in detection and governance.
Public services (Emergency Services)
Mobile Malware and Voicemail Hacking
Our client’s CEO was targeted by a drug cartel who successfully installed malware on his mobile phone, obtained credentials to access his voicemail, and took over several of his social media accounts, as well as WhatsApp and Signal. From there the cartel impersonated our client to deceive his contacts and secure significant wire transfers of funds by deception.
We worked alongside the Security Ops teams at T-Mobile and Meta to recover our client’s accounts and enforce a hard reset of his credentials. Signal was more challenging because of its open-source distributed technology, so we devised a persistent brute force response utilising hacker techniques.
Our strategy successfully displaced the threat actor and eventually allowed us to regain account control.
Finance
Restricted Transfer Infringements
A series of poorly informed executive decisions led to our client outsourcing its web development, hosting and data processing to third countries, including Australia, Nepal and Pakistan, without an adequacy decision or suitable protections. The new CEO called us for advice and thereafter extended our remit to implement remediation at pace to mitigate the risk of regulatory sanctions.
We terminated the unlawful hosting and processing arrangements immediately, albeit with a full commitment from the vendors to support our steps to move operations to new hosts in the UK. We prepared the new contractual framework, including the specification of appropriate organisational and technical measures to protect the client's data. We also engaged with the ICO on the client's behalf to manage the regulatory fallout.
Public Services (Charity)
Hardware Theft
Following a data breach caused by the theft of a hard drive from an employee’s vehicle, we were called in to manage the incident, analyse the data, assess the risk, and advise on reporting to the ICO and notification to data subjects.
Through empirical testing of the client's security and careful presentation of the results, we successfully negotiated an ICO closure notice. No further action was taken against our client.
Finance
Business Email Compromise
A university whose Office365 environment was breached fell victim to a Business Email Compromise, affecting both staff and students. Incident protocols were inadequate, so they reached out to us for help.
Using proprietary technology, we accelerated our analysis of the attack's scope, risk assessed all affected accounts and reported our findings to the client within just four days. This also limited the need for further manual analysis of the accounts deemed to be at 'high risk' by the client's HR team.
Gun to tape, we resolved the incident in less than four weeks.
Public services (Education)