Case Study: Incident Response
Global Car Manufacturer
Incident Forensics and Response
About the client:
Our client engineers, manufactures and markets the world’s best-selling all-electric vehicle in history, with its headquarters in Asia, and other operations in six regions around the globe, combining annual sales of almost 10 million vehicles. This company holds the world’s largest automotive partnership with organizations like Renault and Mitsubishi.
Industry: Automotive, Vehicle Manufacturer
Our client reported that a third-party subcontractor they were working with had been hacked for the third time within a six-month period, experiencing multiple compromised instances and creating a large potential business risk of IP (Intellectual Property) being compromised and publicly distributed. The stolen IP might also be used by competitors, or by attackers to compromise the customer's systems.
The challenge was a multifaceted one: our client requested Incident Forensics on three different servers, as well as a Security Improvement plan and a refinement of the organization's existing IR plan.
We were able to single out the attackers as a group from Romania. Our investigation showed that they were breaking into the servers through a vulnerable version of Apache Tomcat hosted in the client's Amazon EC2 environment, causing the loss and modification of information on those servers. After stealing passwords, the attackers tried to compromise the rest of the infrastructure and, when that failed, used the compromised systems as DDoS botnet members. In order to minimize the impact on the business, we isolated the affected systems so that evidence could be preserved and collected (also for future training purposes). Once forensics was complete we began our Incident Response: helping our client assess the level of impact of the breach, identifying which systems were compromised and what data was stolen, accessed, or removed, and estimating the potential impact on customers and partners.
By improving visibility into the cyber incidents that had occurred within the organization, we were able to prepare an actionable and detailed plan through a coordinated team response, allowing operations to return to normal. Reports to key stakeholders thus included:
• A detailed technical report with an executive summary
• Forensic analysis of acquired data
• Forensic evidence for the appropriate law enforcement or investigating government agency, as requested by the customer (preserved system images, an archive of events sorted by date, screenshots, extracted data files, and logs)
• Identified vulnerabilities
• ISMS recommendations
• Recommendations on how to avoid security incidents in the future
• Incident response plan
• Collaboration initiatives with CISO/CTO/CIO/CEO to mitigate risks/consequences of data leakage or security breach
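Two of the forensic deliverables above, preserved system images with verifiable integrity and an archive of events sorted by date, rest on simple, repeatable steps: hash every acquired file at collection time and re-check it before analysis or hand-over, and normalize log lines into a single timeline. The script below is an added example, not code from the case study or the consultancy; the Tomcat access-log lines are constructed, and the file and function names are the author's own.

```python
"""Added example: preserve evidence integrity and build a date-sorted event
timeline, two of the forensic deliverables listed in this case study.
The log lines and file names below are constructed for illustration."""
import hashlib
import re
from datetime import datetime
from pathlib import Path

# Constructed Tomcat access-log lines (common log format); not real traffic.
SAMPLE_ACCESS_LOG = """\
198.51.100.7 - - [12/Mar/2019:03:14:07 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.7 - - [12/Mar/2019:03:14:09 +0000] "POST /manager/html/upload HTTP/1.1" 200 5120
10.0.0.5 - - [12/Mar/2019:02:59:51 +0000] "GET /app/index.jsp HTTP/1.1" 200 812
"""

# ip, ident, user, [timestamp], "request", status, size
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def sha256_bytes(data: bytes) -> str:
    """Hash an in-memory artifact (screenshot, extracted file)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a preserved image or log in chunks so large files fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths):
    """Return {file name: sha256}. Written once at acquisition and handed over
    with the evidence so any later modification is detectable."""
    return {p.name: sha256_file(p) for p in paths}


def verify_manifest(manifest, paths):
    """Return the names of files whose current hash no longer matches the manifest."""
    current = build_manifest(paths)
    return sorted(n for n, digest in manifest.items() if current.get(n) != digest)


def parse_access_line(line: str):
    """Turn one Tomcat access-log line into a timeline event, or None if it
    does not parse (unparseable lines should be counted, not silently lost)."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "ip": m["ip"],
        "request": m["req"],
        "status": int(m["status"]),
        "source": "tomcat-access",
    }


def build_timeline(lines):
    """Sort events by timestamp; logs are written in arrival order, not time order."""
    events = [e for e in (parse_access_line(ln) for ln in lines) if e]
    return sorted(events, key=lambda e: e["ts"])


def events_by_source_ip(events):
    """Per-source counts, a starting point for the 'by whom' section of the report."""
    counts = {}
    for e in events:
        counts[e["ip"]] = counts.get(e["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    timeline = build_timeline(SAMPLE_ACCESS_LOG.splitlines())
    for e in timeline:
        print(e["ts"].isoformat(), e["ip"], e["status"], e["request"])
    print(events_by_source_ip(timeline))
```

In practice the manifest is produced on the isolated system immediately after imaging and stored separately from the images; `verify_manifest` is then run by whoever receives the archive, so a mismatch points to tampering or transfer corruption rather than to the analyst's own work.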
We helped our client stop the ongoing attacks and immediately mitigate future cyber threats; over the next three weeks we also worked to provide our client with insight into how the attack was conducted, by whom, when, and why. With this information we were able to assess the damage caused.
Get the Help You Need
Contact us for immediate assistance for a possible cyber incident or security breach.
We will get back to you as soon as possible, or, in case of urgency, feel free to call:
Tel: +1 929 999 5101