Challenges
Global manufacturers depend on seamless communication among internal teams, vendors, and customers. However, the rise in Business Email Compromise (BEC) phishing attacks means even the most diligent employees can fall victim. This manufacturer, with thousands of employees and a recent incident behind it, had a small security team with limited expertise that knew it needed to mature its security posture. After consulting with an Incident Response (IR) firm for cyber resilience recommendations, it became clear that the manufacturer required additional expertise to bolster its security tools and overall cybersecurity posture. The IR team’s assessment highlighted the need for a more effective Endpoint Detection and Response (EDR) solution, 24x7x365 monitoring, and expert analysts to work alongside the security team on more complex investigations. These measures were essential to ensure comprehensive protection and a swift response to potential threats.
Solution
Binary Defense’s Managed Detection & Response (MDR) service emerged as the ideal solution. Offering 24x7x365 monitoring, Binary Defense collaborates closely with in-house security teams to help implement security tools, develop a personalized detection strategy, and provide ongoing tuning that reduces false positives over time, all without the need for additional headcount. Combining the increased visibility and coverage of Binary Defense MDR with the expertise of Binary Defense’s Analysis-on-Demand (AoD) team, clients gain access to Tier 3 analysts capable of conducting in-depth analysis and responding immediately to alerts that warrant a more thorough investigation. This tailored solution gives security teams peace of mind, knowing their organization’s environment is protected, with expert analysts providing continuous monitoring coverage.
In Action
Shortly after Binary Defense stood up its MDR capabilities, the manufacturer’s security team received several user-submitted, potentially malicious emails that had already been clicked on. Subsequently, they discovered that one user’s account was compromised and was being used to send phishing emails to both internal and external contacts. The internal security team promptly engaged Binary Defense’s AoD team for a thorough investigation to uncover the full scope of the phishing attack. Using forensic tools, reviewing the audit logs of the compromised user, and submitting a Request for Information (RFI) to the Threat Intelligence team were a few of the many actions taken during the investigation. The RFI report provided crucial insights, confirming no evidence that the user’s account had previously been leaked and identifying the sites used to host the phishing pages as digital document publishing (DDP) sites. Combining the Threat Intel team’s report with their own findings, Binary Defense’s team developed a full report on the phishing attack. Upon concluding their in-depth investigation, they conclusively confirmed that a credential phishing attack had impacted three users, with a threat actor gaining complete control of one user’s email and API access. This account compromise was a direct consequence of the attackers gaining persistent access to the user’s account through a malicious application the user had consented to. To strengthen the manufacturer’s security posture and prevent future successful phishing attempts, Binary Defense provided several strategic recommendations, such as disabling users’ ability to consent to applications without prior approval from an administrator, along with other remediation steps. This collaborative effort ensured that the attacker was eradicated completely from the manufacturer’s environment and that the manufacturer’s security controls were strengthened to prevent future incidents.
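The persistence mechanism described above, a user consenting to a malicious application that then holds durable access to their mailbox and API, is something an audit-log review can surface directly. The following is an added example, not code from the case study or from Binary Defense: it scans constructed, newline-delimited audit records (the field names are an assumption, not any vendor's schema) and flags consent grants of mailbox-level Microsoft Graph scopes by non-admin users or to unverified publishers, which is exactly the class of grant an admin-approval consent policy would block.

```python
import json
from typing import Dict, List

# Delegated Microsoft Graph scopes that let an app read, send or keep access
# to a mailbox; offline_access yields a refresh token, which is what turns one
# click on a consent prompt into persistent access to "email and API".
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "MailboxSettings.ReadWrite", "offline_access"}

# Constructed sample records, one JSON object per line, loosely modelled on a
# directory audit log. Field names are an assumption, not a vendor schema.
SAMPLE_AUDIT_LOG = """\
{"time": "2024-05-02T09:14:03Z", "activity": "Consent to application", "user": "alice@example.com", "user_is_admin": false, "app": "Doc Viewer Pro", "publisher_verified": false, "scopes": "Mail.ReadWrite Mail.Send offline_access User.Read"}
{"time": "2024-05-02T09:20:41Z", "activity": "Consent to application", "user": "bob@example.com", "user_is_admin": false, "app": "Calendar Sync", "publisher_verified": true, "scopes": "Calendars.Read User.Read"}
{"time": "2024-05-02T10:02:17Z", "activity": "Add service principal", "user": "admin@example.com", "user_is_admin": true, "app": "HR Portal", "publisher_verified": true, "scopes": ""}
{"time": "2024-05-02T11:45:00Z", "activity": "Consent to application", "user": "admin@example.com", "user_is_admin": true, "app": "Mail Archiver", "publisher_verified": true, "scopes": "Mail.Read offline_access"}
"""


def find_risky_consents(log_text: str) -> List[Dict]:
    """Return consent grants an admin-approval policy would have blocked or
    that merit review: high-risk scopes granted by a non-admin user, or
    granted to an app whose publisher is not verified."""
    findings = []
    for line in filter(None, (ln.strip() for ln in log_text.splitlines())):
        rec = json.loads(line)
        if rec.get("activity") != "Consent to application":
            continue  # only consent events matter here
        risky = sorted(HIGH_RISK_SCOPES & set(rec.get("scopes", "").split()))
        if not risky:
            continue  # low-privilege consent (e.g. Calendars.Read) is fine
        reasons = []
        if not rec.get("user_is_admin", False):
            reasons.append("consent granted by non-admin user")
        if not rec.get("publisher_verified", False):
            reasons.append("publisher not verified")
        if reasons:
            findings.append({"time": rec["time"], "user": rec["user"],
                             "app": rec["app"], "risky_scopes": risky,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_risky_consents(SAMPLE_AUDIT_LOG):
        print(f"{f['time']} {f['user']} consented {f['app']!r} to "
              f"{', '.join(f['risky_scopes'])}: {'; '.join(f['reasons'])}")
```

On the sample records only the first grant is flagged; the admin-approved, publisher-verified archiver and the calendar-only consent pass, which is the state the recommended consent policy is meant to enforce.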
Results
For this global manufacturer, securing their environment required replacing ineffective tools and collaborating with a trusted security expert to navigate complex investigations. By leveraging Binary Defense’s Managed Detection and Response service, Analysis-on-Demand, and Threat Intel on Demand, the manufacturer received a tailored solution that safeguarded their organization, reputation, and data from attackers. This partnership enabled the deployment of a new EDR, the creation of custom detections, and a reduction in false positives through ongoing tuning. The manufacturer found that Binary Defense’s customized solution not only addressed immediate threats but also strengthened their cybersecurity framework, ensuring long-term protection and resilience against attackers.