
Protecting Trusted Insiders

Dtex Systems
Cybersecurity & Privacy - Network Security
Business Operation
Cybersecurity
Cybersecurity Services
The enterprise security threat landscape is more complex than ever, with new risks and attack methods emerging faster than we can keep up with them. One established attack vector that shows no signs of slowing down is phishing. As phishing attacks have become more sophisticated, they're increasingly focused on exploiting a key, but often overlooked, vulnerability: the users inside of your network. It is user behavior - the opening, the clicking, the downloading - that serves as the enabler, allowing malicious actors to gain entry to your network and find the valuable personal or company information they're seeking. Recently, a slew of invoice-themed malicious phishing emails was found to have penetrated a customer network - past a tried-and-true network defense system and straight into employee inboxes. A proxy service eventually detected and flagged that users had visited malicious URLs, but there was limited visibility into where and how the attackers entered the network, the number of users affected, and the extent of the potential damage.
The customer is a large energy organization with 3,000 employees. The company was the victim of a phishing attack that succeeded because perimeter security failed. The phishing emails penetrated the company's network defense system and landed directly in employee inboxes. A proxy service eventually detected and flagged that users had visited malicious URLs, but there was limited visibility into where and how the attackers entered the network, the number of users affected, and the extent of the potential damage.
DTEX's Workforce Cyber Intelligence Platform was used to provide critical insights and answer important questions, enabling the security team to fully understand the origin and trajectory of the attack and to pinpoint affected users and endpoints. The platform uncovered evidence of advanced techniques commonly leveraged to avoid detection and successfully infiltrate employee inboxes. One such technique was polymorphism, including dynamic email subject lines, URLs, document names, and executed payloads. Additionally, the links contained in the phishing emails were found to be addresses of actual company sites that had been compromised and used as transient locations to host malicious documents. DTEX's platform was able to answer critical questions such as which users opened the malicious email, which users clicked on the malicious link or downloaded the attachment, when the malicious email entered the organization, and which endpoints are potentially compromised.
Provided critical insights into the origin and trajectory of the phishing attack.
Pinpointed affected users and endpoints.
Uncovered evidence of advanced techniques used to avoid detection and infiltrate employee inboxes.