TrapX DeceptionGrid Platform for National Government

Additional information

Source: vendor website

Description

Multiple Attackers Penetrate National Agency

Project Background: a Technology Evaluation

Our case study focuses on a large national government agency. The agency has hundreds of employees and multiple facilities dispersed over a large geographic area. It wanted to learn more about deception technology as part of its regular evaluation of cyber security vendors.

Massive Penetration by Attackers Detected in Multiple Areas

DeceptionGrid was placed into operation. Starting almost immediately, and over the course of several weeks, the government security operations center (SOC) team received multiple High Priority Alerts. This was one of the most massive attacks we have ever discovered. We identified multiple attackers in several areas, including more than five attackers using malware servers, more than five attackers relaying data back to botnet command-and-control (C&C) servers, and more than fifty remote attackers using the Tor anonymity network to hide their source IP addresses. In some cases the malware was automatically trapped and injected into the sandbox for continued analysis. Multiple attackers had established command and control and had bypassed the agency's complete array of existing intrusion detection, firewall, endpoint and perimeter defenses. Malware found included Cryptowall, P2P malware, Trojan-Banker, TrojanRansome, Mobogenie.B and WS.Reputation.1 (the last of these is a generic reputation-based detection verdict rather than a named malware family).

Exfiltration of Data Discovered: Broadscale Remediation Required

It is clear that multiple attackers successfully exfiltrated data from this government agency. The attack vectors varied substantially and compromised workstations and servers across multiple departments. Remediation was required on a broad scale and included reprovisioning of both workstations and servers. The government involved was forced either to re-provision on a large scale or to perform more time-intensive memory dump analysis to better understand the extent of the penetration by this varied mix of attackers.

Source attacker IP addresses, where known, are confidential at this time and part of an ongoing criminal investigation.

Details

Business tasks

Ensure Security and Business Continuity

Problems

Risk of attacks by hackers

Risk of data loss or damage

Risk of lost access to data and IT systems