TrapX DeceptionGrid Platform for financial industry
Categories
Description
Attackers Target Authentication Data
Project Background - a Technology Evaluation
Our financial case study focuses on a global insurance institution. Prior to our involvement, there were no indicators of malware infection or persistent threats visible to the customer. The customer had a robust industry suite of cyber defense products, including a firewall, antivirus suites, intrusion detection software, endpoint security and other software.
Within a short period of time, the TrapX DeceptionGrid generated alerts and identified two separate malicious processes involved in unauthorized lateral movement within the insurance company's network.
Upon analysis it was determined that both of these malicious processes were communicating with multiple connection points in Russia.
These connection points in Russia and the other injected software that was captured worked together as an advanced password stealer. The attackers had penetrated the network and captured password information. This targeted theft of authentication credentials represented a serious threat to the integrity of the company's overall operations. At this time it has not been determined to what extent passwords were captured prior to detection.
Other malware of lower risk identified by DeceptionGrid included the Trj/Downloader.LEK Trojan, the TROJ_QHOST.DB Trojan, and the W32.Greypack worm. None of these had been detected by the customer's existing cyber suite. Analysis suggests at least one of them might have been detected, but the alerts were missed against the volume of overall alert traffic.
Critical and Confidential Authentication Credentials at Risk
TrapX determined that critical and confidential password data was being exfiltrated to Russia. The scope of the data compromise is still under investigation at this time, and the global insurance firm has taken preemptive measures to replace credentials on suspected software systems.
Details
Business tasks
Ensure Security and Business Continuity
Problems
Risk of attacks by hackers
Risk of data loss or damage
Risk of lost access to data and IT systems