The company had recently experienced a compromise, which resulted in a number of fraudulent emails being sent from the compromised device to several suppliers, requesting that future invoices be paid to a new bank account.
The technical security controls in place at the company were very limited, including a basic Wi-Fi modem firewall with limited anti-virus protection. These controls were not configured or managed effectively, leaving gaps in their ability to protect the organisation.
Cube Cyber were engaged to provide investigative assistance with the incident and recommend possible solutions to improve overall security and prevent further occurrences. Our team initially analysed the current threat and assisted the customer in recovering from the attack. Once the source of the compromise was dealt with, Cisco Umbrella and Cisco AMP for Endpoints were deployed to ensure there were no compromised hosts or malicious activity remaining on the network.
In addition to bolstering security against ransomware and other Internet threats, Cisco Umbrella enabled the company to control and filter the types of websites that staff access while using corporate devices, both on and off site. Cisco AMP for Endpoints was deployed to rapidly detect, contain, block and remediate advanced malware and threats in real time should a similar incident occur in the future.