Express Delivery Company Detects and Stops Intrusion with the Help of GuardYoo’s Compromise Assessment Audit

Customer
National and regional market leader in express delivery services

Industry
Logistics

Sector
B2C, B2B

Challenge
  • Complex and diverse infrastructure
  • Lots of outdated hardware and software
  • Needed to deliver a full Asset Discovery
  • Detecting cyber threats and indicators of compromise, and ensuring best practices for IT and cyber security were being met

Scope of Work
  • 18,000 workstations
  • Mixed Linux and Windows operating systems

Results
  • Hundreds of gigabytes of Windows log files processed
  • Full visibility into IT and ICT processes
  • 10 instances of mission critical and business critical threats identified
  • Cyber strategic plan delivered to increase long-term cyber security posture

Organisation

This express delivery company has more than 25,000 employees and operates close to 3,000 offices and automated parcel terminals nationwide.

Challenge

The organisation’s newly appointed CISO and CIO needed a clear picture of their current cyber security posture and cyber risk exposure. They needed to know whether any previously undetected vulnerabilities existed on their network, since any that did could impede the company’s future development.

The company was in need of a comprehensive cyber audit that would complement their existing cyber security solutions and would not involve costly and time-consuming integrations.

Approach

The company decided to undertake its first cyber health check-up and chose a GuardYoo Compromise Assessment audit as it would fall within existing budgetary guidelines and deliver results within their preferred time frame.

GuardYoo’s Compromise Assessment audit would deliver the following:

  • A full Asset Discovery
  • In-depth analysis of cyber threats and Indicators of Compromise
  • Analysis of existing IT and cyber practices to identify whether best practices were being met
  • Highlighting of any violations of compliance policies within the organisation

Process

The GuardYoo Artifact Collector module processed hundreds of gigabytes of Windows log files and other relevant data that could help identify behavioural anomalies relating to employees, services, applications and network traffic.

The gathered data was then uploaded to a private instance within AWS, protected by encryption and two-factor authentication.

Throughout the audit the company had full visibility of proceedings via their secured private account, allowing them to monitor each phase and the validation process. GuardYoo proprietary algorithms prepared the data for analysis and the results were sent to the GuardYoo analytics engine.

Once the machine learning process was completed and initial findings were made available, expert security data analysts validated the results and added any additional context that was relevant.

The audit was then sent to the Threat Hunting team who delivered the final report.

The final version of the Audit was delivered in PDF format. The report shared all relevant metrics highlighting the nature of the vulnerabilities found and how serious they were.

Key Findings

  • Multiple instances of direct communication with external IP addresses and networks
  • Large numbers of BSODs (Blue Screens of Death) identified
  • Instances of unauthorised PsExec use
  • Multiple cases of potentially dangerous software deployed across the network (e.g. TeamViewer, Ammyy Admin)
  • Multiple cases of spyware found on the network
  • Multiple instances of Windows log files being deleted without authorisation

Results

As a result of GuardYoo’s Compromise Assessment audit, the company received better visibility of their network topology.

  • 10 instances of mission critical and business critical cyber threats were detected
  • Numerous Indicators of Compromise (IOCs) were identified
  • Serious flaws in IT and cyber practices were identified

A strategic long-term plan and corrective actions were proposed based on this information.

Direct communication between external IP addresses and the company’s internal network was identified, and evidence of intrusion was detected.

The use of potentially dangerous software such as TeamViewer highlighted the possibility of unauthorised access to the network via a remote source.

A high volume of PsExec activity highlighted the possibility of compromised user accounts and external access to sensitive information.

The deletion of Windows log files indicated an attempt to hide the presence of malicious software on the network.
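The findings above map onto Windows event records that a defender can triage from collected logs. As an added illustration (not GuardYoo’s code or its analytics engine), the script below classifies a handful of constructed event records into the case study’s finding categories: log clearing (Security event 1102, System event 104), PsExec service installation (System event 7045 with the default PSEXESVC service name, flagged as unauthorised unless the account is on an allow-list), BSODs (System event 1001 from the BugCheck source) and remote-admin tools appearing in process-creation events (Security event 4688). The host names, accounts and allow-list are assumptions made up for the example.

```python
"""Triage constructed Windows event records into the finding categories named in the case study."""

# Constructed sample events (not real data); fields mirror common event-export columns.
SAMPLE_EVENTS = [
    {"host": "WS-0012", "channel": "Security", "event_id": 1102, "user": "CORP\\jdoe",
     "data": "The audit log was cleared."},
    {"host": "WS-0012", "channel": "System", "event_id": 7045, "user": "CORP\\jdoe",
     "data": "A service was installed in the system. Service Name: PSEXESVC"},
    {"host": "WS-0340", "channel": "System", "event_id": 7045, "user": "CORP\\svc-deploy",
     "data": "A service was installed in the system. Service Name: PSEXESVC"},
    {"host": "WS-0340", "channel": "System", "event_id": 104, "user": "CORP\\svc-deploy",
     "data": "The System log file was cleared."},
    {"host": "WS-0771", "channel": "System", "event_id": 1001, "user": "SYSTEM",
     "data": "Source: BugCheck. The computer has rebooted from a bugcheck."},
    {"host": "WS-0771", "channel": "Security", "event_id": 4688, "user": "CORP\\asmith",
     "data": "A new process has been created. New Process Name: C:\\Tools\\TeamViewer.exe"},
    {"host": "WS-0771", "channel": "Security", "event_id": 4688, "user": "CORP\\asmith",
     "data": "A new process has been created. New Process Name: C:\\Windows\\notepad.exe"},
]

# Assumed allow-list of accounts permitted to run PsExec (constructed for the example).
AUTHORISED_PSEXEC_USERS = {"CORP\\svc-deploy"}
# Remote-administration tools named in the findings, matched case-insensitively.
REMOTE_ADMIN_TOOLS = ("teamviewer", "ammyy")


def classify(event):
    """Return a finding label for one event, or None if the event is not of interest."""
    chan, eid, data = event["channel"], event["event_id"], event["data"].lower()
    if (chan, eid) in {("Security", 1102), ("System", 104)}:
        return "log_cleared"
    if chan == "System" and eid == 7045 and "psexesvc" in data:
        authorised = event["user"] in AUTHORISED_PSEXEC_USERS
        return "psexec_authorised" if authorised else "psexec_unauthorised"
    if chan == "System" and eid == 1001 and "bugcheck" in data:
        return "bsod"
    if chan == "Security" and eid == 4688 and any(t in data for t in REMOTE_ADMIN_TOOLS):
        return "remote_admin_tool"
    return None


def triage(events):
    """Group affected hosts by finding category, sorted so output is stable."""
    summary = {}
    for ev in events:
        label = classify(ev)
        if label:
            summary.setdefault(label, set()).add(ev["host"])
    return {label: sorted(hosts) for label, hosts in summary.items()}
```

A log-cleared event followed by a PsExec install from the same account on the same host, as on WS-0012 here, is the pattern the findings describe and is worth reviewing first.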


As a newly appointed CISO, I had an urgent need to get an accurate picture of the company’s IT infrastructure. Without GuardYoo's automated compromise assessment this would have taken months of hard work. GuardYoo's compromise assessment report gave me a precise understanding of what needed to be done immediately to fix security flaws and proceed with the infrastructure security development.
CISO, Express Delivery Company

Conclusion

GuardYoo’s Compromise Assessment audit confirmed that the company's existing level of cyber security was not fit for purpose and there was a high chance that any future attacks would go undetected.

The results of the Compromise Assessment were of real value to the newly appointed Information Security Management team as they were given a clear picture of the organisation’s true Cyber Posture and now had a list of issues that needed to be addressed as a priority.

As a result of GuardYoo recommendations, the company was able to significantly reduce the number of active threats to their network.

This gave the company’s Information Security team a great foundation to secure the organisation against future threats to their business.