In 2020, a major player in the Swiss construction sector, still had no global security protection and could have suffered a devastating targeted attack. As part of its Threat Intelligence service, ZENDATA monitors a number of illegal online markets, including GENESIS Market, known for reselling personal data such as usernames, passwords, cookies and IP addresses. One day, we identified a potential threat when the domain name was spotted on this market. We immediately notified the head of the company and began our investigation.
What we did
- Contact company to inform them that one of their computers appeared to have been hacked
- We scanned nearly 400 computers at the company. No signs of corruption were detected, but the company took the precautionary decision to close its offices until the problem was fully resolved
- As a precaution,the company‘s management requested that all passwords be changed, although one computer remains potentially infected
- With the help of Human Resources, we profiled the potentially compromised user, based on their browsing history and passwords. Identification of the person concerned was successful
- Discussion with the employee concerned. It turns out that their child had installed a number of games on their personal computer, which this person used for work. This person was responsible for the company’s public tenders. If their computer was hacked, then all their competitors would have been privy to highly confidential information
What happened next?
This incident highlighted the vulnerability of employees working from home. The company implemented stricter and more realistic IT security policies and training for employees, and signed an agreement with our ZEN360 service for enhanced protection.
What is threat intelligence?
Threat Intelligence is the crucial process of gathering, analysing and interpreting information about current and future cyber threats. It enables organisations to understand the TTPs used by hackers and to protect themselves against them. By actively anticipating the vulnerabilities and tactics of attackers, Threat Intelligence helps to put in place proactive and appropriate defence strategies, ensuring better protection against cyber-attacks.
Conclusion
The situation encountered by the Company in 2020 was not only a turning point for them in terms of cyber security, but also offers valuable lessons for the entire sector. Resolving this crisis has shown that a proactive approach is essential when it comes to managing cyber risks, particularly in a context where teleworking is becoming increasingly common. Threat intelligence also means being able to respond proactively to the risks posed by teleworking.
