TrapX DeceptionGrid Platform for Software Vendor

Additional information

Source: Web-site of vendor

Description

Attackers Target Software Company

Project Background - a Technology Evaluation

Our case study focuses on a leading software vendor that provides software through cloud services to its customers in healthcare. This customer's information technology team had invested very substantially in defense-in-depth cyber defense software. Their security operations center regularly detected malware and was able to routinely remediate all of these known incidents. The customer had a strong industry suite of cyber defense products, which included firewalls, anti-virus suites, intrusion detection software, endpoint security and other software. Our initial installation covered over ten (10) VLANs.

DeceptionGrid was placed into operation. Almost immediately the customer's information technology staff received multiple High Priority Alerts. These identified suspicious activity and led to the discovery of several network misconfigurations. Several internal internet addresses were exposed to the internet and open to a variety of high-risk protocols. Inbound connections from attackers were operational via SSH, Telnet and Remote Desktop. A TOR (anonymous proxy) obfuscated web crawler had mapped all of the exposed hosts. Some of the malware was automatically trapped and injected into the sandbox by DeceptionGrid for continued analysis. The attackers had multiple command and control points and had bypassed the complete array of existing security.

Multiple Concurrent Attackers Detected and Remediated

A full investigation continued as DeceptionGrid continued to monitor and capture malware movement. Multiple command and control points in six (6) workstations were linked to attackers in Beijing, China, Moldova, and multiple locations within Ukraine. Dozens of workstations had to be reprovisioned to eliminate access. Manual memory dump and analysis was required across many information technology assets to identify the full scope of the extensive and previously undetected attacker activity.

Scope of Data Theft Remains Indeterminate

Multiple attackers accessed this technology company's networks, workstations and servers. The scope of intellectual property data exfiltration and theft is unknown but under continued investigation.

Details

Business tasks

Ensure Security and Business Continuity

Problems

Risk of attacks by hackers

Risk of data loss or damage

Risk of lost access to data and IT systems