The Incident
Our SOC (Security Operations Center), which provides monitoring and control services for a global maritime shipping company, received a real-time alert from the firewall about suspicious activity on one of the local servers. Additionally, an alert was received regarding the execution of a command from the identity management server.
Findings
- The attacker gained access through a third party whose credentials had been stolen: in this case, the compromised account of a subcontractor.
- The attack included vulnerability scanning and identification of the Zerologon exploit (an unauthenticated Netlogon flaw on the domain controller).
- The attacker copied a central organizational database.
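A detection check for the Zerologon finding above, added here as an example; it is not part of the original case study and not Experis Cyber's tooling. It assumes exported Windows events flattened into dictionaries with the field names shown (a simplification of the real event XML) and runs over a constructed sample set; the domain controller name DC01, the workstation WS042 and the client name SUBCONTRACTOR-PC are invented. The two indicators it looks for are the ones a SOC would hunt for after such a finding: Security Event ID 4742 (a computer account was changed) where the acting subject is ANONYMOUS LOGON and the target is a domain controller machine account, which is what a Zerologon password reset leaves behind, and Netlogon System Event IDs 5827-5829, which patched domain controllers log for vulnerable secure-channel connections.

```python
"""Flag Zerologon-style indicators in exported Windows events.

Indicators checked:
  * Security 4742 (computer account changed) with SubjectUserName
    ANONYMOUS LOGON and a DC machine account as target: Zerologon resets
    the DC's machine account password over an unauthenticated Netlogon
    session, so the change is attributed to ANONYMOUS LOGON.
  * System 5827/5828 (vulnerable Netlogon secure channel denied) and
    5829 (vulnerable connection still allowed) from a patched DC.
Event dictionaries below are a constructed, simplified representation.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

NETLOGON_EVENT_NAMES = {
    5827: "Netlogon denied vulnerable secure channel (machine account)",
    5828: "Netlogon denied vulnerable secure channel (trust account)",
    5829: "Netlogon ALLOWED vulnerable secure channel connection",
}


@dataclass(frozen=True)
class Alert:
    event_id: int
    host: str
    reason: str


def is_dc_account(sam_account: str, dc_hosts: Set[str]) -> bool:
    """Machine accounts are named HOSTNAME$; match against known DC names."""
    if not sam_account.endswith("$"):
        return False
    return sam_account[:-1].upper() in {h.upper() for h in dc_hosts}


def check_event(event: Dict[str, object], dc_hosts: Set[str]) -> Optional[Alert]:
    """Return an Alert if the single event matches an indicator, else None."""
    eid = event.get("EventID")
    host = str(event.get("Computer", "?"))
    if eid == 4742:
        subject = str(event.get("SubjectUserName", ""))
        target = str(event.get("TargetUserName", ""))
        if subject.upper() == "ANONYMOUS LOGON" and is_dc_account(target, dc_hosts):
            return Alert(
                4742, host,
                f"DC machine account {target} changed by ANONYMOUS LOGON "
                "(possible Zerologon password reset)",
            )
    elif eid in NETLOGON_EVENT_NAMES:
        client = event.get("ClientName", "?")
        return Alert(int(eid), host, f"{NETLOGON_EVENT_NAMES[eid]} from {client}")
    return None


def scan(events: Iterable[Dict[str, object]], dc_hosts: Set[str]) -> List[Alert]:
    """Run check_event over every event and collect the hits in order."""
    return [a for a in (check_event(e, dc_hosts) for e in events) if a is not None]


# Constructed sample: invented hostnames, not real telemetry.
DC_HOSTS = {"DC01"}
SAMPLE_EVENTS = [
    {"EventID": 4742, "Computer": "DC01.corp.example",
     "SubjectUserName": "ANONYMOUS LOGON", "TargetUserName": "DC01$"},
    {"EventID": 4742, "Computer": "DC01.corp.example",          # benign: domain join
     "SubjectUserName": "svc-join", "TargetUserName": "WS042$"},
    {"EventID": 5829, "Computer": "DC01.corp.example",
     "ClientName": "SUBCONTRACTOR-PC"},
    {"EventID": 4624, "Computer": "DC01.corp.example",          # ordinary logon
     "SubjectUserName": "j.doe", "TargetUserName": "j.doe"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS, DC_HOSTS):
        print(f"[{alert.event_id}] {alert.host}: {alert.reason}")
```

On a real estate the 4742 rule should be fed the full list of domain controller names from the directory rather than a hard-coded set, and any 5829 hit is worth a ticket on its own: it means a client is still negotiating the vulnerable channel and the DC has not yet been put into enforcement mode.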
Actions Taken
- We raised the alert on the findings and accompanied the investigation and incident response team throughout the entire event.
- A comprehensive password change was implemented, and two-factor authentication was enforced across all accounts in the organization.
- An extensive scan was conducted to identify additional vulnerabilities (with no significant findings).
The Outcome
The attack succeeded but was stopped relatively early and with minimal damage thanks to continuous monitoring and immediate responses. Lessons were learned to prevent the recurrence of similar or other incidents.
And how the client summarized the event…
“The guidance of the experts at Experis Cyber helped in managing the incident and minimizing the damage resulting from the breach. The incident demonstrates the importance of continuous monitoring and control of organizational systems, and the SOC services of Experis proved themselves.”