Beyond Boundaries: Securing A Global Investment Landscape

Client Overview

Operating within the digital investment landscape, the client specializes in providing access to private equity and venture capital funds. The client's global footprint spans 23 countries, and they are headquartered in Berlin, Germany, with strategically positioned offices in key financial centers including the UK, USA, Luxembourg, Paris, Zurich, Singapore, Hong Kong, and Lisbon. This international presence allows our client to cater to a diverse investor base and offer investment opportunities tailored to the unique needs of various regions.

Why the Client Chose Us

Ebryx was approached for its specialized SOC (Security Operations Center) services and for the expertise of its cloud security analysts in the cloud technologies crucial to the client's infrastructure. Our commitment to security compliance standards such as ISO 27001/2 and GDPR further solidified the client's confidence in partnering with Ebryx.

Project Overview

In a digital landscape fraught with evolving threats, the client turned to Ebryx for comprehensive SOC services, including L1 Analysis and Triage, L2 Incident Response, Penetration Testing, Security Detection Engineering, and Cloud Security Engineering.

How Ebryx Responded

Without disrupting the client's infrastructure, Ebryx succeeded in promptly addressing multiple security breaches. The following examples showcase the security team's swift response to the alerts and the solutions it put in place.

Proactive Defense against ‘Password Spray’ Attack

In a significant security event, the client's web platform faced a formidable 'password spray' attack aimed at unauthorized access to customer accounts. Our team responded, and all login attempts were thwarted; the failures had all been attributed to either 'Bad Password' or 'Wrong MFA Code'. The attack, orchestrated from 52 malicious IP addresses, targeted over 1000 clients. This infiltration was possible due to a vulnerability in the Okta application, which allowed the enumeration of user existence on the platform.

The collaborative efforts of the Ebryx security team and the client's development team were swift and effective. Together, they rectified the vulnerability at the platform's endpoint that had facilitated customer enumeration. Additionally, an automated IP address block was established immediately to mitigate the risk of future password spray attacks or other unauthorized authentication attempts.
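As an added illustration (not the case study's own tooling), the spray signature described above can be expressed as a simple detection rule over constructed authentication events: one source IP, failures across many distinct accounts, with 'Bad Password' or 'Wrong MFA Code' as the reason. The event shape, sample values and threshold are assumptions, not Okta's real log format.

```python
from collections import defaultdict

# Constructed sample of authentication events: (ip, user, result, reason).
# Simplified, made-up shape for illustration, not Okta's real log format.
SAMPLE_EVENTS = [
    ("203.0.113.10", "alice@example.test", "FAILURE", "Bad Password"),
    ("203.0.113.10", "bob@example.test", "FAILURE", "Bad Password"),
    ("203.0.113.10", "carol@example.test", "FAILURE", "Wrong MFA Code"),
    ("203.0.113.10", "dave@example.test", "FAILURE", "Bad Password"),
    ("203.0.113.10", "erin@example.test", "FAILURE", "Bad Password"),
    ("198.51.100.7", "frank@example.test", "FAILURE", "Bad Password"),
    ("198.51.100.7", "grace@example.test", "FAILURE", "Wrong MFA Code"),
    ("198.51.100.7", "heidi@example.test", "FAILURE", "Bad Password"),
    ("192.0.2.5", "ivan@example.test", "FAILURE", "Bad Password"),
    ("192.0.2.5", "ivan@example.test", "FAILURE", "Bad Password"),
    ("192.0.2.5", "ivan@example.test", "SUCCESS", ""),
]

# Failure reasons the case study reports for the spray attempts.
SPRAY_REASONS = {"Bad Password", "Wrong MFA Code"}


def detect_password_spray(events, min_users=5):
    """Return {ip: {"users": [...], "reasons": {...}}} for source IPs whose
    failed logins with spray-typical reasons hit at least min_users distinct
    accounts. One user failing repeatedly from one IP (a typo, or a brute
    force against a single account) does not match: spray is one source,
    many accounts. The threshold is an assumed tuning value."""
    users = defaultdict(set)
    reasons = defaultdict(lambda: defaultdict(int))
    for ip, user, result, reason in events:
        if result == "FAILURE" and reason in SPRAY_REASONS:
            users[ip].add(user)
            reasons[ip][reason] += 1
    return {ip: {"users": sorted(u), "reasons": dict(reasons[ip])}
            for ip, u in users.items() if len(u) >= min_users}


def build_blocklist(events, min_users=5):
    """Source IPs to hand to an automated block, as the case study describes."""
    return sorted(detect_password_spray(events, min_users))


if __name__ == "__main__":
    for ip, info in detect_password_spray(SAMPLE_EVENTS).items():
        print(ip, len(info["users"]), "accounts", info["reasons"])
    print("block:", build_blocklist(SAMPLE_EVENTS))
```

Lowering min_users trades false positives (shared NAT egress, a user trying several of their own accounts) against catching slower, lower-volume sprays, so the value should be tuned per environment.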

Unmasking the Fraudulent Investment Platform Campaign

Our security experts discovered a series of YouTube videos promoting an investment company bearing the client’s name, albeit on a different domain. Not only did the deceptive platform exploit the client’s reputation, but it also enticed unsuspecting customers to invest in fraudulent accounts. The investigation revealed numerous fake advertisers, video accounts, and web domains associated with this duplicitous scheme.

A thorough investigation uncovered suspicious characteristics within the deceptive platform. These included the platform requesting permissions with potentially malicious intent, the ability to query phone location (GPS), access to external storage, and indicators of bot command-and-control communication.

Collaborating closely with our client's marketing team, the Ebryx security team presented compelling evidence that led to the swift removal of all deceptive media from the web. Simultaneously, we implemented an enhanced customer recognition system on the client's platform to differentiate genuine users from malicious bot traffic. This diligent approach not only rectified the issue at hand but also secured the client's platform against future deceptive campaigns.

Responding to a Malicious Spear-Phishing Campaign

The team received an alert regarding a 'suspicious email' that had been sent to a member of the client's leadership. This triggered a prompt analysis, leading the security team to conclude it was a 'Malicious Spear-Phishing' attempt. In response, a comprehensive sweep of all company mailboxes was initiated to detect and respond to any similar instances concurrently.

Upon investigation, it was discovered that a few members of the leadership staff had inadvertently opened the malicious email. Some had even provided their company credentials to the credential-harvesting web applications linked in these deceptive emails. Taking immediate action, the Ebryx security team removed all instances of the malicious emails from the victims' inboxes. For those who had mistakenly shared their credentials, the security team promptly rotated them to minimize potential risks. Furthermore, the security team implemented new detection and prevention mechanisms to fortify our client against future malicious email threats.

The Results

In addition to strengthening the client's security infrastructure, Ebryx reduced breach incidents to nil. Our seamless integration preserved the performance of their operations without disruption.

In conclusion, Ebryx’s SOC services not only shielded the client from diverse cyber threats but also demonstrated a commitment to proactive security measures, assuring the integrity of their digital assets.
