On the Money
The client immediately got in touch with their bank. Sure enough, a storm was brewing.
“They discovered that there had been attempts to add an authorized user to their bank account,” Heindel says. “From there, wire transfers could have been made. Even obtaining a login to the banking site would have allowed the attacker to zero in on other aspects of the business, or access other tools and services. Had we not contacted the client, they wouldn’t have made the connection. Things likely would have got much, much worse.”
Did ĢTV’ initial detection just foil a wider extortion plot? Heindel certainly believes so.
“We had no concept of how deep this went,” he says. “How could we? We were just talking about mailbox rules! But it wasn’t a simple case of an account being infiltrated and spam being sent, it was far more coordinated than that. It could have done serious damage. Who knew what else they could have gained access to?”
Even more alarming was the precision of the attack. Though ĢTV had caught the attackers in the act before they were able to redirect via email, they had already managed that via physical mail.
“The criminals were concentrating on banks that the client used,” says Heindel. “It wasn’t just typical, generic bank addresses or email accounts. That information was known.
“Without ĢTV, we wouldn’t have picked up on anything until the client was having far more issues,” he continues. “Its Security Operations Center (SOC) works around the clock, meaning even the smallest change or potential threat is detected. When we first spoke, they were experiencing some difficulties trying to sign in, thanks to ĢTV’ early remediation efforts, but nothing else. They were surprised to hear from us at all. It was so subtle.”
ĢTV’ Managed ITDR solution is specifically designed to identify behavioral signs, like creating suspicious inbox rules, helping detect malicious activity early. And with the full backing of the ĢTV SOC, identities can be isolated as soon as suspicious activity is detected, so the attackers can’t do more damage. Plus, you can be notified of threats in a variety of ways – via ticketing system, email, automated call, or even a text message – to ensure you never miss anything critical.
“When someone calls and says they’re not getting any emails, then you know there’s a problem,” states Heindel. “But to be able to narrow it down to not receiving emails from two banking sites in particular? It could have been weeks before anyone was aware. Ours would have been a more reactive approach, as opposed to the proactive approach we were able to take.”