Investigating a Cybersecurity Incident for a Transport Company
The client is a supplier to some of Australia's largest transport companies. With over 20 years of experience in the industry, the client handles high-load transport requirements of any size.
The client recently encountered a cybersecurity incident involving their Office 365 (O365) account. A user had inadvertently clicked a phishing link, which the client believed had executed malware.
The client could not say whether any mail-forwarding rules had been observed or removed, nor whether the compromise had spread to other mailboxes in the client's tenant.
A tenant-wide investigation was performed on the client's O365 tenant. Pragma reviewed the available logs and verified the details of the mailbox breach reported by the client. User endpoints were scanned with Emsisoft Emergency Kit (EEK) and Sophos Virus Removal Tool (SVRT); enterprise-grade Sophos anti-malware was then installed on the two user endpoints and monitored for alerts.
Fast containment and eradication allowed the client to remove the malware. Pragma removed suspicious rules from the O365 tenant and found no further suspicious rules. Audit logging was turned on, and after the password was changed no further suspicious logins were observed on the affected account or on any other account.
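The tenant-wide rule and login review described above is something an Exchange Online administrator can script. The following is an added example written for this page, not Pragma's or the client's own tooling; it assumes the ExchangeOnlineManagement module is installed, that the operator holds the Exchange Administrator and View-Only Audit Logs roles, and that the unified audit log was already enabled for the 30-day window queried (events from before enablement are not recoverable, which is why turning audit logging on early matters). The folder names treated as hiding places for moved mail (RSS Feeds, Archive, Deleted Items, Conversation History) are the editor's heuristic, not a list from the page.

```powershell
# Added example: tenant-wide sweep for malicious inbox rules, mailbox-level
# forwarding, and the audit events that show who created them. Assumes the
# ExchangeOnlineManagement module and suitable admin roles (see lead-in).
Connect-ExchangeOnline -ShowBanner:$false

$findings = @()

# 1. Inbox rules that forward, redirect, delete, or hide mail. -IncludeHidden
#    also returns rules created through MAPI that Outlook does not display.
foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $rules = Get-InboxRule -Mailbox $mbx.UserPrincipalName -IncludeHidden -ErrorAction SilentlyContinue
    foreach ($r in $rules) {
        # Heuristic folder list (editor's assumption): attackers commonly park mail here
        $hides = $r.MoveToFolder -and ($r.MoveToFolder -match 'RSS|Archive|Deleted|Conversation History')
        $suspicious = $r.ForwardTo -or $r.ForwardAsAttachmentTo -or $r.RedirectTo -or
                      $r.DeleteMessage -or $hides
        if ($suspicious) {
            $targets = @($r.ForwardTo; $r.ForwardAsAttachmentTo; $r.RedirectTo) | Where-Object { $_ }
            $findings += [pscustomobject]@{
                Mailbox  = $mbx.UserPrincipalName
                Type     = 'InboxRule'
                Name     = $r.Name
                Detail   = ($targets -join ';') + " Delete=$($r.DeleteMessage) MoveTo=$($r.MoveToFolder)"
                Identity = $r.Identity
            }
        }
    }
}

# 2. Forwarding configured on the mailbox itself rather than via a rule
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Mailbox  = $_.UserPrincipalName
            Type     = 'MailboxForwarding'
            Name     = 'ForwardingAddress'
            Detail   = "$($_.ForwardingSmtpAddress) $($_.ForwardingAddress) DeliverAndForward=$($_.DeliverToMailboxAndForward)"
            Identity = $_.Identity
        }
    }

$findings | Format-Table -AutoSize

# 3. Audit trail: rule changes and sign-ins in the incident window, with source IP.
#    Search-UnifiedAuditLog returns at most 5000 rows per call; narrow the window if needed.
$start = (Get-Date).AddDays(-30)
$end   = Get-Date
Search-UnifiedAuditLog -StartDate $start -EndDate $end -ResultSize 5000 `
    -Operations New-InboxRule,Set-InboxRule,UpdateInboxRules,Set-Mailbox,UserLoggedIn |
    ForEach-Object {
        $d = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            Time   = $_.CreationDate
            User   = $_.UserIds
            Op     = $_.Operations
            IP     = $d.ClientIP
            Result = $d.ResultStatus
        }
    } | Sort-Object Time | Format-Table -AutoSize

# 4. Eradication, only after triage of the findings above. Export the tables first
#    so the rule definition survives as evidence of what was being exfiltrated.
# Remove-InboxRule -Mailbox user@example.com -Identity '<Identity from findings>' -Confirm:$false
# Set-Mailbox -Identity user@example.com -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false
```

Run the sweep against every mailbox, not just the one the user reported: a rule on the reported mailbox is the known symptom, while a second rule or a forwarding address on a colleague's mailbox is how the page's open question of lateral spread gets answered. Keep the exported findings and audit rows before removing anything, and repeat the audit query after the password reset to confirm that no further sign-ins from the attacker's IP appear.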
It was recommended that all staff use strong passwords on all work systems, that data loss prevention software be deployed on the O365 tenant, that multi-factor authentication (MFA) be enabled, and that the Azure Active Directory smart lockout feature be activated.