case study

Defeating Multiple Simultaneous Attacks on a CSP

Attacked By Multiple Threat-actors Simultaneously

The client was the target of multiple, simultaneous ransomware attacks launched by several threat-actors. The attackers attempted to exfiltrate personally identifiable information and steal the CSP’s proprietary content.

Co-ordinated Kill-switch

Sygnia was engaged to provide incident response services. Sygnia’s incident response team immediately launched multiple workstreams to contain the attack and return operations to normal as quickly as possible. The team promptly identified the scope of compromise and uncovered dozens of hidden backdoors. Stealthy monitoring of ongoing threat-actor activity was also performed to understand the attackers’ objectives and motivations. After enough data was collected, a coordinated kill-switch event was performed, simultaneously removing all attacker access, backdoors, and tools.

Forensic Analysis Uncovers A Four Year Espionage Campaign

As part of the investigation into the ransomware attacks, Sygnia conducted a forensic analysis and constructed a comprehensive attack timeline. During the analysis Sygnia discovered a broad, clandestine espionage campaign that had targeted the client for over four years prior to discovery. Sygnia worked with the client to ensure this campaign was also blocked.

Attacker Re-entry Attempt Detected and Contained

Attacker Re-entry Attempt Detected and Contained Continuous monitoring was put in place to immediately detect and contain any attacker re-entry attempts. The attackers attempted to return but were contained.

Going On The Offensive With Threat Hunting

The persistent attempts of multiple threat-actors to breach the client’s defenses made threat hunting a natural course of action. Sygnia’s threat hunting capability is being leveraged to preemptively hunt for and neutralize threats. Threat hunting includes scanning for known IoC’s, hunting for known and unknown malware and malicious files, utilizing attack scenario-based analysis, and Dark Web searches.

Catalyzing Proactive Security Improvement With a Posture Analysis

Sygnia was also contracted to perform a posture analysis of the organization’s cyber defenses in comparison to best-practices, to form a detailed picture of the organization’s security gaps, strengths and opportunities for improvement. Sygnia provided executives with a strategic overview of the organization’s current security posture, and provided the security organization with detailed, prioritized recommendations prioritized by impact and ease of implementation.

Amplifying Defenses With Velocity MXDR

The client recently deployed Sygnia’s Velocity MXDR for 24×7 monitoring of its environment. Velocity is providing an additional layer of protection that enables earlier detection, containment, and eradication of cyber attacks.

The Outcome

Multiple attackers were rapidly contained, minimizing disruption to operations and stopping the data exfiltration. A corporate espionage campaign against the client was also uncovered and terminated. Tailored security controls were established immediately, along with a cadence of periodic threat hunting. The client also contracted Sygnia to perform posture analysis and deployed Sygnia’s Velocity MXDR to strengthen the organization’s cyber defenses.

Dozens of hidden backdoors were uncovered and removed via a coordinated kill-switch event

subsctibe decor
Want to get in touch?