From Hacking Demo to Real-Life Scenario
The situation was eerily similar to a ĢTV workshop James had previously attended; a session that was designed to highlight these exact types of threats.
An end user received a somewhat-suspicious attachment and attempted to open it, but stopped short of enabling macros. They forwarded the doc to a second user, who did open it and unknowingly unleashed Qakbot—a banking trojan capable of logging keystrokes, harvesting browser credentials and self-propagating throughout a network.
One of the challenges with Qakbot is that it’s designed specifically to bypass preventive security tools like antivirus and DNS filtering.
That’s when the ĢTV platform jumped into action. By identifying and analyzing newly created Windows autostarting code, ĢTV determined Qakbot was in play—and a SOC engineer generated an incident report which explained what had happened and how to fix it.
Moments later, the end user realized their mistake and sent an email to Binatech—where James and his team were already working to resolve the issue.
“We were taking remediation steps before that user’s email hit our inbox,” he said. “The alert from ĢTV gave us a clear understanding of what we were dealing with and which user was affected, which made it easy for us to respond right away. The platform truly delivered in this scenario—we were able to disconnect the machine and reset every password the user was tied to—all within twenty minutes of receiving the initial alert.”
“In addition to stopping the threat, ĢTV really helped us demonstrate our value to the client,” he added. “It ultimately even helped us upsell some additional services.”
Without ĢTV enabled, the attack could’ve played out quite differently. “Who knows how long it would’ve taken to remediate, assuming we’d found the banking Trojan,” Otis explained. “The real question is how much money would have been lost had the Trojan successfully extracted bank account info—that’s the part we’re grateful to not have to deal with.”