A global financial institution worth over 30 billion pounds sterling, with employees around the world conducting highly complex data processing activities involving the use of highly sensitive data.
We were contacted by the CIO of the financial institution and asked to sign a non-disclosure agreement and get someone onsite that could advise them about a cyber security breach ASAP! With the agreement signed and the pedal to the medal, we were there in next to no time. Upon arrival, we were informed that there had been suspicious activity from inside their network that caused their entire network and telecommunications systems to crash. We were told that suspicious activity coincided with their organisation floating a bond on the stock exchange that had reached over 90 years of maturity.
We set up a conference bridge and had two of our Senior Cyber Security Consultants join. Our client shared detailed information about their network topography and the nature of the suspicious activity that they had detected and the consequent network/telecommunications outage. Our consultants asked a number of questions, and within minutes were able to specify what they exact cause was likely to be. Microsoft Powershell had been used by a malicious insider to escalate their admin privileges. They had embedded crudely scripted malicious code into an excel spreadsheet to do so. The crude nature of the script is ultimately what caused the network to crash (sending more queries than the CPU could handle).
The first action we took was to share a link to some code that one of our Cyber Security Consultants had previously published on Github, which is designed to enable organisations to use Microsoft Powershell in a manner that does not enable users to escalate their admin privileges, so as to prevent the incident from occurring again.
Secondly, we help the organisation to identify narrow down the possibilities of where the threat came from out of 3,000 employees so that they could take the action they needed to prosecute the offending employee.
Our Clients Opinion
Here is what our clients Global Chief Information Officer had to say:
“IG-Smart Ltd’s not only worked diligently and rapidly to enable us to identify and eliminate a cyber security vulnerability that left us exposed to a highly motivated malicious insider threat, but they also helped us to identify the source of the threat” – Anon Global CIO, Financial Services Institution