IR Hotline Numbers:

+44 20 3318 1470
+60 154 877 0076
+61 2 7908 1745
+65 3165 8788
caution icon

Experienced a breach? Reach us now

company logo

Incident Response

Investigating a Cybersecurity Incident for a Transport Company

Investigating a Cybersecurity Incident for a Transport Company

The Background

The client is a supplier to some of Australia's largest transport companies. With over 20 years of experience in the industry, the client manages the needs of any high load transport, no matter how big or small.

The client encountered a recent cybersecurity incident on their Office 365 account. The client reported having inadvertently clicked on a phishing link, which they think executed malware.

The client was unable to provide feedback on whether any forwarding rules were observed, removed or the like, and whether the issue could have spread to other mailboxes belonging to the Client.

The Process

A tenant-wide investigation was performed on the client's O365 tenant account. Pragma reviewed available logs and verified the details of the mailbox breach provided by the client. Scanned user endpoints with Emsisoft Emergency Kit (EEK) and Sophos Virus Removal Tool (SVRT); installed enterprise-grade anti-malware by Sophos on the two user endpoints and monitored said anti-malware for any alerts.

The Result

Our fast containment and eradication service enabled QLD to get rid of the malware. Pragma removed suspicious rules from the O365 tenant account and did not detect any more suspicious rules. Audit logs were turned on and there were no other suspicious logins to the affected account or any other account after the password was changed.

It was recommended that all staffs should use strong passwords for all working system, deploy data loss prevention software on the O365 tenant account, activate two-factor authorisation and activate the Azure active directory smart lockout feature.

Tags:

Transport Company
Cybersecurity Incident
Office 365 Security
Phishing Attack
Malware Detection
Endpoint Scanning
Tenant-wide Investigation
Suspicious Rules Removal
Password Security
Data Loss Prevention
Two-Factor Authentication
Azure Active Directory
Security Recommendations

Join the Pragma Community Today

Email


Solutions

Cyber Advisory

Technology Risk

Compliance, Conduct, and Regulatory Risk

IT Audit

Insights

Pragma Logo

Terms & conditions

Privacy Policy