CASE STUDY – CYBERSECURITY BREACH
ANS Networking received a request for service from a local NH Police Department. The contact described strange email and network issues. It was determined that an on-site visit was necessary to troubleshoot the issue.
ANS responded to the inquiry with an on-site visit to examine the current issues and discuss cybersecurity. After interviewing the on-site contact and examining the network, it was clear that a cybersecurity breach was in progress.
ANS Networking determined that antivirus software was not installed on all computers. The antivirus software that was in use was not an enterprise-type product. The router/firewall had no security services enabled and various ports were open for unknown reasons.
Server logs did not indicate abnormal login activity. Remote access by the hacker was not apparent at the time. Some email accounts were not under the end users' control. Emails were being sent to other departments within the town to propagate the virus payload. Private Facebook accounts were also compromised.
Steps taken to determine the extent of the breach:
- ANS Networking removed access to the internet on all devices.
- Server and workstation logs were examined.
- Router/Firewall logs were examined, and logging was increased to gather more intel.
- We utilized packet scanning software to inspect traffic from all endpoints and servers.
- Antivirus software was introduced to the network to isolate any malware.
- The router/firewall was reconfigured until a replacement could be installed.
- Suspected devices were set up on a subnet to access the internet for further scrutiny.
- ANS Networking worked with the FBI to send hard drives to forensics for further examination.
The hacker used a phishing email with an attached executable. An internal user clicked on the link and installed a keylogger with SMTP. The program copied all keystrokes and sent them to a predetermined email address.
Once the hacker gained access to the external email account, they utilized the account to send compromised email to other users within the Police Department. Other users were subsequently infected and the keylogger was noted on ten percent of the computers.
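One way to review firewall logs for a keylogger that mails keystrokes out over SMTP, as described above, is to flag workstations that speak SMTP to anything other than the organization's mail relay. This is an added example, not ANS Networking's tooling; the log format, the addresses and the name `find_smtp_outliers` are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

SMTP_PORTS = {25, 465, 587}  # mail relay and submission ports

# Assumed (constructed) log format: timestamp, action, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
)

def find_smtp_outliers(lines, internal_net, approved_relays):
    """Map each internal host to a Counter of unapproved (dst, port) SMTP peers."""
    net = ipaddress.ip_network(internal_net)
    approved = {ipaddress.ip_address(a) for a in approved_relays}
    hits = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a connection record
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address field
        if src not in net or int(m["dport"]) not in SMTP_PORTS:
            continue  # only SMTP originating from internal hosts is of interest
        if dst in approved:
            continue  # traffic to the sanctioned mail relay
        # DENY lines count too: a blocked attempt still shows the host tried.
        hits[str(src)][(str(dst), int(m["dport"]))] += 1
    return dict(hits)

# Constructed sample lines (documentation address ranges, not incident data).
SAMPLE_LOG = """\
2024-01-01T09:00:01 ALLOW src=10.0.0.21 dst=198.51.100.10 dport=587
2024-01-01T09:00:05 ALLOW src=10.0.0.34 dst=203.0.113.77 dport=25
2024-01-01T09:00:09 ALLOW src=10.0.0.34 dst=203.0.113.77 dport=25
2024-01-01T09:01:12 DENY src=10.0.0.52 dst=203.0.113.77 dport=465
2024-01-01T09:01:30 ALLOW src=10.0.0.21 dst=192.0.2.8 dport=443
garbled line from a truncated write
""".splitlines()

if __name__ == "__main__":
    found = find_smtp_outliers(SAMPLE_LOG, "10.0.0.0/24", ["198.51.100.10"])
    for host, dests in sorted(found.items()):
        print(host, dict(dests))
```

Hosts that appear in the result are candidates for the isolation and forensic steps listed earlier; several workstations sharing one unapproved destination is a stronger signal than any single connection.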
Steps Taken to Resolve the Issue:
- All hard drives were removed and sent to the FBI for analysis.
- All other computers were reimaged and put back into production.
- The servers were scrutinized and determined to be clean of any malware.
- A new router was installed and configured with security services enabled.
- Servers were hardened using best practices.
- Antivirus software was installed on all systems.
- Changed email providers and switched from POP accounts to cloud-based hosted Exchange.
- Utilized two-factor authentication where appropriate.
- Deployed malware and DNS filtering to mitigate phishing attempts and malicious websites.
- ANS Networking installed RMM (Remote Monitoring & Management) software.