Insurance Cyber Security Case Studies & Forensics Analysis

Written By CyberSecOp Cybersecurity & Breach News

Insurance Security Case Studies & Forensics Analysis

The following Case Study & Forensics Analysis is for a global International Insurance company

  • Client: Major International Insurance Firm

  • Incident: At 11:00 pm the corporate network went down.

    • Users could not log onto the network via SSO and Active Directory

    • The entire corporate central authentication systems where not working

    • Without a way to authenticate email services where inaccessible

  • Additional information shared:

    • The client is a large insurance firm with a prominent public profile.

    • The breach was initially suspected to be a targeted attack.

    • Multiple media sources had written accounts of a specific group’s sophisticated hacking capabilities.

  • Actions taken during the Forensics Analysis:

    • An Incident Response and Forensics Analysis Team was deployed to the client site within 4 hours.

    • All available evidence was imaged and backed up.

    • Logs were gathered from the internal/external web servers, firewall, routers, IDS/IPS, Windows event logs.

    • Evidence files obtained from server hard drives were analyzed.

    • All collected logs were correlated and analyzed.

    • Services and processes on the effected computers were analyzed.

    • Windows Server, Router and firewall configurations were analyzed.

    • Every step of the investigation was documented in detail.

  • Results:

    • The CyberSecOP team discovered a sophisticated botnet with command and control software installed.

    • The botnet changed the security policies on the servers preventing authorized users from logging in.

    • The botnet was a brand new form of malware, and no public information was available until 12 days later.

    • The root cause of the vulnerability was determined by the CyberSecOP team to be due to a mis-configuration of the firewall.

    • The CyberSecOP Team provided an analysis report and recommendation on root cause remediation.

    • The CyberSecOP Team assisted the client with the root cause remediation process and restored the network and email operation.

    • Based on the evaluation, The CyberSecOP team concluded this instance was not the result of a targeted attack.

CYBER SECURITY CISO SERVICES 

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, DFAR, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News
Previous

Education Case Studies & Forensics Analysis - Security Program Development

Next

Financial Services Case Studies & Forensics Analysis