Root Cause Analysis

Americas

HKA

A financial technology company's data was exposed to the internet due to a cyber-attack from malicious actors.

Brief

HKA’s Cybersecurity & Privacy Risk Management team was engaged to investigate a Linux (CentOS) server on the company’s network after a network misconfiguration resulted in information being exposed to the internet.

What we did

HKA conducted a root cause analysis on a digitized image of the server to determine the details of the attack and scope of unauthorized user activity, lateral movement, and data exfiltration.

Activity logs, event logs, archived and compressed files, data remnants, and log files were examined, and access data was geolocated for a baseline activity reference.

HKA correlated log-on activity to application logs to identify the avenue of access beyond the initial entry. Furthermore, HKA constructed timelines for all known unauthorized access events.

 

Outcomes

HKA verified the company’s data was not exposed or exfiltrated. HKA did not find evidence of unauthorized activity beyond the initial access, or any evidence of files being created, modified, or downloaded relative to the known malicious activity.

HKA provided detailed recommendations for further internal remediation and network architecture.

Project Details
  • Client
    Financial Technology Company
  • Year
    2022
  • Value
    Confidential
  • Services
    Incident Response
  • Sectors
    Cybersecurity & Privacy Risk Management