January 13, 2014 | Asia & Worldwide
Case: Investigating a hacking incident
Location – Indochina
Brief: The IT department of a large financial institution with offices throughout the region saw a sudden surge in its security event logs, with several administrator accounts locked out after numerous incorrect password attempts. The incorrect password attempts were traced to one of the institution's offices in Indochina. RP-DS was engaged to investigate and respond to the incident.
Outcome: An RP-DS security professional was on-site in Indochina at the client’s request within a very short span of time to conduct incident response work. Live memory capture and analysis were performed on the suspect machines, along with traditional forensic imaging. Analysis of the suspect machines showed suspicious activity, which further analysis identified as malware: software deliberately installed to allow an attacker to gain access to a computer attached to the corporate network. Further investigation revealed that passwords had been compromised and that the attacker had free access to the financial institution’s entire network. RP-DS was able to help identify the source of the attack and to help the client in the “clean up” and “lock down” process.