In late 2018, cybercriminals carried out a multimillion-dollar raid on a mid-sized bank in Pakistan. In the chaotic aftermath of that breach, one of the country's largest banking consortia was compromised by the cybercrime collective known as Lazarus. Facing a sophisticated, well-resourced adversary, the consortium appeared headed for heavy losses until Ebryx was called in to assist.
A tense back-and-forth ensued. The adversary answered each of Ebryx's protective measures with new techniques and attack patterns: every preventive control was met with new malware, newly targeted machines and a revised attack path. Our security specialists worked around the clock to counter these moves, anticipate the next ones and block them before they landed.
To contain the attack completely, our analysts had to trace it back to its origin. The incident response investigation identified patient zero as an employee who had been tricked into sitting for a job interview staged by the attackers. Our Digital Forensics and Incident Response (DFIR) team confined the attackers to a segment of the user LAN and cut off every possible path leading to the consortium's production servers.
The banking group understood what was at stake and set out to engage the best the industry had to offer. It approached several DFIR service providers, most of whom overpromised and underdelivered, until an industry expert recommended Ebryx. To test our capability, the group challenged our team to identify the infected machines and produce a forensics report. The expertise and technical detail in that initial report convinced the consortium to ask Ebryx to lead a full-scale response. Without wasting time, our analysts set about scoping the compromise and isolating the attackers.
With Ebryx's help, the banking consortium successfully contained the attack on its systems. The intrusion exposed gaps in the security posture of the finance network that the consortium had not previously been aware of, and showed where it needed to improve. The consortium has since asked Ebryx to run regular incident response drills to train its staff to respond to intrusions and to reduce risk. Relieved to have contained the threat but cautious about the future, the consortium is now far better equipped to counter the next cyberattack.