MEDIUM-SIZED CONSTRUCTION FIRM | INCIDENT RESPONSE TO A BUSINESS EMAIL COMPROMISE
A commercial construction firm engaged DarkTower to conduct a forensic investigation after a Business Email Compromise (BEC).
SITUATION
The client recently experienced a Business Email Compromise, which resulted in a initial loss of more than $500,000.
SOLUTION
DarkTower conducted a forensic investigation of the network for evidence of the source of the compromise.
The forensic data review and analysis engagement included:
Gathering all data from Office 365 tenant Identifying and researching data exfiltration Reviewing and reporting on user connections and data transmittal Identifying and reporting on any existing malware Thorough forensic review of email history, identifying compromises and unusual user activity
An investigation focused on malicious activity and final reports included:
Audit trails System access reports Chain of custody reports Copies of all forensic evidence
RESULTS
DarkTower successfully located the point of compromise, allowing the client to address the vulnerabilities and mitigate against future attacks. Due to the forensic investigation findings, the client also successfully reclaimed all financial losses as a result of the BEC attack.
RELATED CASE STUDIES
CYBER ENGINEERING
DarkTower conducted a full review of IT Security policies and procedures against the NIST framework and established a cyber surge team.
THREAT INTELLIGENCE
Significant changes were implemented from DarkTower's assessment to secure and optimize the college’s information infrastructure.
THREAT INTELLIGENCE
DarkTower conducted a forensic investigation to locate the point of compromise, reclaim financial losses, and prevent future attacks.
CYBER ENGINEERING
DarkTower provided a mobile deposit vulnerability assessment and application security scanning for the client’s Android and iOS applications.
