The following story is based on a third-party compromise that occurred in December 2019. Customer names and titles have been changed to ensure their privacy.
Todd, a risk management director at a communications organization, was relieved the first time he used Prevailion and saw that his immediate network was green — clean of active cyber compromise. Seeing that all-clear sign from Prevailion was reassuring, because it validated the existing security measures that he had enacted to secure his network.
But trouble was brewing just on the other side of his organization’s door.
Beyond monitoring his company’s IP addresses, Todd is using Prevailion to continually monitor his large ecosystem of third parties, including vendors, suppliers and partners. After Todd dug a little deeper, he discovered that a trusted third-party organization had an active compromise lurking that could jeopardize Todd’s own infrastructure by “island hopping” through their linked connections. It was only a matter of time before his partner’s compromise became his own, threatening his customers’ valuable data and proprietary information.
Todd reached out to Prevailion for guidance on what he saw as an active cyber compromise in his partner’s network — something that could ultimately affect his network. Prevailion’s intelligence team confirmed the issue, and with Todd’s help, agreed to connect with the partner’s head of IT to bring the security flaw to their attention.
The next step can be tricky. No one wants to hear about an unseen problem lurking in their network, and they certainly don’t want to hear about it from an organization they’re unfamiliar with. But Todd’s story demonstrates how banding together to combat compromises in a proactive, communal way can benefit all parties. That’s why it’s important to break through the inertia around inter-organizational relationships to counteract the advanced nation-state adversaries of today.
“Our contact with the organization was through the head of IT, and he was uncomfortable and unsure about us at the beginning of the call,” said Adam Flatley, VP of Prevailion’s Tailored Intelligence Team. “But after I walked him through who we were, how we target bad actors on the Internet to discover compromise activity, and the depth of our compromise intelligence, that relaxed him significantly.”
Adam is a veteran with properly delivering a victim notification. Having served 15 years with the Department of Defense and two years at Cisco’s Talos Intelligence Group, he’s seen the impact of threat actors on a global scale across the networks of nation-states, businesses, and individuals.
After Adam oriented the head of IT to the compromise Todd had witnessed on Prevailion’s platform, a glimmer of recognition was heard in the man’s voice.
“Oh, yeah! I thought I took care of that back in November,” he said, alluding to the removal of malware on a machine in his network — software that was programmed to prop a door open and infiltrate or exfiltrate data. What he didn’t know at the time is that the compromise had silently persisted. It likely would have gone unchecked for a significant period of time before being rediscovered, leading to untold damages.
While Prevailion does not perform the incident response on-site, the company will supply the evidence of compromise to the affected party. This documentation of the malicious activity was supplied to the head of IT, which was enough information for him to close the loop entirely on his end.
Not long afterward, Todd checked Prevailion’s Apex platform and confirmed that the affected organization is no longer compromised — and it all started when he expanded his compromise visibility just beyond his organization’s network.
Yes. A compromised third-party vector, like the story above documented, is how Target’s point-of-sale systems were breached in 2013. This breach resulted in one of the largest credit-card scandals in history, affecting 40 million customers and accounting for more than $220 million in damages to the company over the ensuing years.
Prevailion is a next-generation intelligence company that monitors billions of active, malicious beacons all around the world. That is a step beyond the indicators of compromise that are at the core of most security solutions.
If Prevailion sees something, it’s not just an indicator of a compromised network, it’s evidence of compromise.
Register for free access to the Prevailion Apex Platform to check for threat actor activity in your organization.Sign up to schedule a personalized, live demo of the world’s first zero-touch Compromise Intelligence™ platform.
Karim Hijazi, who served as the director of intelligence of the cybersecurity firm Mandiant and now serves as CEO of the security firm Prevailion, said the hackers will likely have “gone to ground” at this point.
While threat actors like Cozy Bear and Fancy Bear get a lot of attention, there is another While threat actors like Cozy Bear and Fancy Bear get a lot of attention, there is another sophisticated crime actor that companies need to be watching out for.The group is called TA505 and it is believed to be […]
“This was the most pristine espionage effort, unlike anything we’ve seen in a very long time,” said Karim Hijazi, a former intelligence community contractor. “Everyone in the cybersecurity community is freaking out, because we don’t know where this could stop.”