In 2018, a global Swiss Bank could have suffered a devastating targeted attack on its customer base. Fortunately, ZENDATA’s then newly created Attack Staging Detection service was monitoring the Swiss Bank’s external cyber threat landscape, as part of our commitment to protect our customers holistically: many of them are clients of the Bank. In early 2018, the platform alerted our internal threat detection team to the registration of a suspicious domain, a sign that threat actors were preparing a wave of attacks.
What the ZENDATA team did
- Analyzed the new domain and its IP address
- Investigated the attack history of the IP address
- This examination revealed that the IP address had been used in past attacks
- Examined the other domains linked to this IP and their history
- The investigation revealed that all the fake domain names linked to this IP address imitated companies in the finance sector, pointing to recurrent typosquatting
- Discovered emails carrying .DOC attachments with macros
- Identified a possible phishing campaign against the Swiss Bank’s customers using a Word document that delivered the Emotet malware
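The steps above are a repeatable procedure: flag a newly registered domain that resembles the brand, resolve it, pivot on the IP to see what else it hosts, and check the IP’s abuse history. The following Python is an added example that runs that procedure over constructed data; it is not ZENDATA’s code or platform. The brand names, domains, passive-DNS records, abuse-history entries and RFC 5737 documentation IPs are all hypothetical, and a real pipeline would pull them from a registration feed and a passive-DNS source instead of inline constants.

```python
"""Triage of newly registered domains against a protected brand, with an IP pivot.
Added example on constructed data; not ZENDATA's code."""

# --- constructed inputs (hypothetical brands, domains and documentation IPs) ---
PROTECTED_BRANDS = {"examplebank"}                                   # the customer we defend
FINANCE_BRANDS = {"examplebank", "alpinecredit", "zurichpay", "helvetiabank"}  # sector list for the pivot
OWNED_DOMAINS = {"examplebank.ch"}                                   # the brand's legitimate registrations
LURE_WORDS = ("login", "secure", "verify", "account", "invoice", "update")
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

# passive-DNS style records: (domain, ip, first_seen)
PDNS = [
    ("examp1ebank-login.com",   "203.0.113.45", "2018-02-03"),
    ("zurichpay-verify.net",    "203.0.113.45", "2018-01-12"),
    ("he1vetiabank.com",        "203.0.113.45", "2017-11-28"),
    ("alpinecredit-secure.org", "203.0.113.45", "2017-12-19"),
    ("weatherforecast.io",      "198.51.100.7", "2018-02-01"),
    ("exampleban.com",          "198.51.100.7", "2018-02-02"),
]
# prior abuse recorded against an IP in an internal case history
IP_ABUSE_HISTORY = {"203.0.113.45": ["2017-11: malspam with macro-enabled .doc attachments"]}
# today's new-registration feed
NEW_DOMAINS = ["examp1ebank-login.com", "weatherforecast.io", "exampleban.com", "examplebank-secure.net"]


def registrable_label(domain):
    """'mail.examp1ebank-login.com' -> 'examp1ebank-login'. Second-level label only;
    a real pipeline should apply the public suffix list (co.uk and friends)."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def fold_homoglyphs(text):
    """Map common lookalike substitutions back to their canonical characters."""
    for lookalike, canonical in HOMOGLYPHS:
        text = text.replace(lookalike, canonical)
    return text


def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(domain, brands, owned=OWNED_DOMAINS):
    """Why `domain` looks like an impersonation of one of `brands`, or None."""
    if domain.lower() in owned:
        return None
    label = registrable_label(domain)
    folded = fold_homoglyphs(label)
    for brand in sorted(brands):
        fbrand = fold_homoglyphs(brand)          # fold both sides so a real 'rn' in a brand still matches
        if label == brand:
            return f"brand label '{brand}' on a TLD we do not own"
        if fbrand in folded:
            if folded != label:
                return f"homoglyph of {brand}"
            extra = folded.replace(fbrand, "").strip("-")
            if any(w in extra for w in LURE_WORDS):
                return f"{brand} combined with lure word '{extra}'"
            return f"contains {brand}"
        core = folded.split("-")[0]              # compare only the brand-like part
        distance = levenshtein(core, fbrand)
        if 0 < distance <= 2 and len(brand) >= 8:  # short brands give too many false positives
            return f"edit distance {distance} from {brand}"
    return None


def pivot_ip(ip, pdns, sector_brands):
    """Other names seen on `ip`, and which of them impersonate the sector."""
    cohosted = [d for d, rip, _ in pdns if rip == ip]
    lookalikes = {}
    for d in cohosted:
        reason = lookalike_reason(d, sector_brands)
        if reason:
            lookalikes[d] = reason
    return cohosted, lookalikes


def triage(new_domains, pdns=PDNS, protected=PROTECTED_BRANDS,
           sector=FINANCE_BRANDS, abuse=IP_ABUSE_HISTORY):
    """One alert per suspicious new registration, highest priority first."""
    ip_of = {d: ip for d, ip, _ in pdns}
    alerts = []
    for domain in new_domains:
        reason = lookalike_reason(domain, protected)
        if reason is None:
            continue                                   # not our brand: no alert
        ip = ip_of.get(domain)                         # None if it does not resolve yet
        cohosted, lookalikes = pivot_ip(ip, pdns, sector) if ip else ([], {})
        prior = abuse.get(ip, [])
        # 1 for the lookalike itself, +1 per co-hosted sector lookalike (recurrent
        # typosquatting), +2 if the IP has a documented abuse history
        others = [d for d in lookalikes if d != domain]
        score = 1 + len(others) + (2 if prior else 0)
        alerts.append({"domain": domain, "reason": reason, "ip": ip, "cohosted": cohosted,
                       "cohosted_lookalikes": others, "prior_abuse": prior, "score": score})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for a in triage(NEW_DOMAINS):
        print(f"[{a['score']}] {a['domain']:24} {a['reason']}; ip={a['ip']} "
              f"co-hosted lookalikes={a['cohosted_lookalikes']} prior abuse={a['prior_abuse']}")
```

The score is illustrative: what matters is the shape of the evidence, a lookalike of the protected brand, an IP that already hosts other finance-sector lookalikes, and a prior abuse record on that IP, which together justify escalating within minutes rather than waiting for the first phishing email to arrive. The example deliberately keeps the edit-distance check for long brand names only and folds homoglyphs on both the candidate and the brand; without those two guards this kind of matcher produces a stream of false positives.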
What happened next?
Less than 40 minutes after the threat actors registered the domain, we issued our report to the Swiss Bank’s cyber security team, including recommended responses and the steps needed to have the domain taken down. No incident followed; we conclude that the proactive approach of ZENDATA’s teams prevented a potentially devastating attack.
What is Attack Staging Detection?
“Attack Staging Detection” is a forward-looking proprietary cybersecurity technology developed by ZENDATA, aimed at stopping cybercriminals before they can launch their attacks. The approach focuses on the early stages of a cyberattack: the preparatory steps that attackers take before launching their offensive against target organizations, such as registering lookalike domains. It shifts the cybersecurity focus upstream (“shifting left”) to detect and neutralize threats before they materialize into attacks and incidents. The technology monitors internet-connected infrastructure, darknet chatter and a range of other connected sources, including ZENDATA’s Cyber Threat Intelligence Fusion Center, for warning signs that attackers are getting ready to strike. By catching these early signals, ZENDATA helps organizations stop cyberattacks before they happen, changing how we protect our digital spaces.
Conclusion
This case study shows that the best defence against cyber threats is a proactive approach based on constant monitoring and analysis of risks. Ultimately, it highlights that proactive prevention through threat intelligence is the most effective strategy for countering cyber attacks and strengthening cyber security.