Our client, a pioneering force in the financial sector, operates as a licensed Payment System Operator (PSO) and Payment Service Provider (PSP) with nearly two decades of impactful innovation. As a leading payment gateway and switch system, our client collaborates with numerous member banks and billers, playing a crucial role in shaping banking transactions.
The client opted for Ebryx due to its specialized security services. Our team’s expertise in financial systems, crucial to the client’s infrastructure, coupled with a deep understanding of state regulations and security compliances, made us the ideal choice for building a robust and compliant cybersecurity framework.
Our client, a key player in the financial sector, sought our expertise to enhance its cybersecurity posture. This comprehensive engagement covered SOC L2 Analysis, Incident Response and DFIR services.
Ebryx demonstrated its proficiency in handling multiple security breach incidents on the client’s platform, ensuring prompt and thorough resolution without compromising the client’s infrastructure. Noteworthy instances include:
The Ebryx Security Team swiftly addressed a security concern involving a client employee’s computer, flagged for malicious IP communications. Through meticulous L2 investigation, it was revealed that the EDR alert had been triggered due to the host machine communicating with a suspicious domain. Further scrutiny uncovered that the Google Sync feature had been attempting to sync or download potentially malicious extensions from this domain. Specifically, two Chrome extension IDs were identified: one associated with the “Chrome Remote Desktop” extension, offering remote access capabilities, and the other linked to the “Adobe Acrobat” extension for Chrome, facilitating various PDF functions. Importantly, despite the detection of these extensions, the system registry remained unchanged, with no evidence of DLL sideloading, and the host file remained unaltered. The Ebryx Digital Forensics and Incident Response (DFIR) team conducted a comprehensive investigation, ensuring a thorough analysis and resolution of the incident.
The Ebryx security team responded to a TrendMicro alert indicating potential security issues, specifically “Network Content Inspection and C&C Callbacks,” on an employee’s workstation of the client. The alert highlighted scanning attempts on the client’s network, targeting its public IP address from external malicious IPs at various intervals. Although these attempts were inbound, all connections were successfully blocked.
In reaction to this alert, an exhaustive investigation was initiated using advanced tools, focusing on the alert period to identify any unusual process or network activity on the affected machine. This scrutiny uncovered that the IIS web service had been inadvertently made accessible on the client’s public IP.
Upon these findings, the Ebryx Security team recommended an immediate halt to the IIS web service on the host machine, provided it wasn’t essential for operations. Additionally, new detection and prevention mechanisms were implemented by the Ebryx security team to mitigate the risk of similar suspicious behavior in the future.
Our comprehensive security measures not only involved the establishment of a robust security framework for the client from scratch but also ensured a flawless track record with zero successful breach incidents on the client’s infrastructure. This achievement was accomplished seamlessly, preserving the performance of their architecture and maintaining uninterrupted business processes throughout the security improvement period.
GET IN TOUCH!
info@ebryx.com
+1 603-912-5385
389 Main Street, Unit 5
Salem, NH 03079
