
Financial Services Organization Stops Attack Targeting a Senior Executive

Dtex Systems
A large financial services company with over 10,000 employees was the target of a Java backdoor attack aimed at a senior executive. Despite having several antivirus, endpoint detection and response (EDR), and email security tools in place, the attack managed to bypass these defenses and land on the executive's computer. The malware used common administrative commands, which did not trigger alerts from the other security solutions. Without the visibility provided by DTEX, the attack would have gone undetected, potentially leading to data theft, sabotage, lateral movement within the organization, or worse. The malware was delivered via a phishing email that appeared to be shipping-related, which the executive was expecting. The email contained a malicious link that pointed to a compromised Turkish website that downloaded the malware. The malware then hid itself by creating a new temporary folder on the desktop and moving all associated files to this location. It also created a new path in the registry directory, setting up a persistent foothold on the machine, and took several actions to enumerate the environment.
The customer is a large financial services company with more than 10,000 employees. The company was the victim of a Java backdoor attack that targeted a senior member of the company. Despite having several antivirus, endpoint detection and response (EDR), and email security tools deployed, the attack managed to bypass these defenses and land on the computer of a high-ranking employee. The malware used common administrative commands, which did not trigger alerts from the other security solutions. The attack was delivered via a phishing email that appeared to be shipping-related, which the executive was expecting. The email contained a malicious link that pointed to a compromised Turkish website that downloaded the malware.
DTEX was the only solution that looked at the context of the scenario and took into account the fact that these activities were highly suspicious for this specific user. Therefore, it alerted on this potential malware activity immediately. After the initial malware was identified, the customer's security team searched for those indicators of compromise across the rest of the user environment to establish whether any other users had interacted with similarly themed emails or anomalous instances of Java-related activity. With DTEX, these searches were conducted organization-wide in minutes. The company immediately decided to wipe and decommission the device. They could also quickly confirm that this phishing email was a targeted attack on this particular user that did not affect any other users, nor did it spread laterally throughout the organization. Without DTEX, not only would the customer never have found this major threat, but they also would have lacked the visibility and audit trail to conduct a quick and thorough investigation.
DTEX was the only solution that alerted on the potential malware activity immediately.
The customer's security team was able to conduct searches of those indicators of compromise across the rest of the user environment in minutes with DTEX.
The company was able to quickly confirm that this phishing email was a targeted attack on this particular user that did not affect any other users, nor did it spread laterally throughout the organization.
Time-to-Resolution: Detected in real time, resolved in 24 hours.