Incident Response
Investigating a Cybersecurity Breach for a Sports Equipment Retailer

The Background
PORT is one of the largest winter sports equipment retailers in Australia. They are the destination for all the best skiing, snowboarding and outdoor sports brands. Founded in 1985, the company operates a website that accounts for 20% of its income.
During one of its routine checks, PORT discovered a password-stealing Trojan on its website. Kaspersky Labs verified the detection to be a true positive; however, PORT's web host was unable to detect and remove the infection. Shortly after the detection, PORT received reports that its customers' credit card details were being mined.
The Process
Pragma was engaged by PORT to investigate the cybersecurity breach on its systems. Pragma discovered that the website was extremely vulnerable to SQLi and other forms of attack because it was deployed on obsolete backend software and an obsolete operating system.
As the site had been attacked multiple times and the hosted platform contained notable security vulnerabilities, Pragma agreed with the client and their insurers to temporarily host the platform on Pragma's CloudControl platform, which includes security monitoring, network security and distributed denial-of-service (“DDoS”) protection.
The Result
Pragma eradicated all traces of the malware and upgraded various components of their website. As part of the migration to the CloudControl platform, Pragma reviewed the client's system architecture and identified and patched a component that was vulnerable to SQL injection (“SQLi”).
During the month that the website was hosted on Pragma's CloudControl platform, 7,829 threats were blocked, including 116 further SQLi attempts. All these attacks were rejected by the increased network security. The website is now stable and threat-free.