
Detecting a Java Backdoor with Dtex

Dtex Systems
Cybersecurity & Privacy - Endpoint Security
Cybersecurity & Privacy - Network Security
Finance & Insurance
Business Operation
Cybersecurity
Cybersecurity Services
A large financial services company with over 10,000 employees was the victim of a Java backdoor attack that targeted a senior member of the company. Despite having several AV, EDR, and email security tools deployed, the attack slipped through and landed on the computer of a high-ranking employee. The malware used commonplace admin commands, which the other solutions did not alert on. Without Dtex's visibility and alerting, the attack would have gone undetected, potentially leading to data theft, sabotage, lateral movement within the organization, or worse.
The customer is a large financial services company with more than 10,000 employees. The company was the victim of a Java backdoor attack that targeted a senior member of the company. Despite having several AV, EDR, and email security tools deployed, the attack slipped through and landed on the computer of a high-ranking employee. The malware used commonplace admin commands, which the other solutions did not alert on. Without Dtex's visibility and alerting, the attack would have gone undetected, potentially leading to data theft, sabotage, lateral movement within the organization, or worse.
Dtex was the only tool that contextualized this activity within the user's full story and therefore was the only one to pinpoint the threat, while building a full audit trail. Dtex's detection and forensic capabilities enabled a complete time to resolution of under 24 hours. When the user opened the email and clicked the link, the device was directed to a malicious domain and downloaded a JAR file named 'ShipmentLabel'. The malicious executable then hid itself by creating a new temporary folder on the desktop and moving all associated malware files to this new location. It also created a new path in the registry, establishing a persistent foothold on the machine, and took a number of actions to enumerate the environment.
Dtex was the only tool that contextualized this activity within the user's full story and therefore was the only one to pinpoint the threat, while building a full audit trail.
Dtex's detection and forensic capabilities enabled a complete time to resolution of under 24 hours.
With Dtex, they were able to definitively confirm that no other users were affected and no further lateral movement took place.
Time-to-Resolution: Detected in real time, resolved in 24 hours