Hijacked Internal Server Identified at $10 Billion Communications Company

 

THE CHALLENGE

Crypto mining can be extremely lucrative. It also requires an extreme amount of expensive compute resources and electricity, which makes enterprise networks an attractive target for hackers who want to run their own mining efforts on someone else's hardware. When an internal server at a large, $10 Billion+ global communications company was hijacked, time on it was being sold on the dark web. Traditional perimeter-based defense mechanisms, which rely on historical log data and sophisticated queries written by data scientists, would have delayed identification of this breach by many weeks.

THE SOLUTION

Using real-time search in VASA by RANK Software, the business was able to see high rates of remote desktop (RDP) activity going from that server to the outside world. This behaviour was identified as anomalous because it deviated from the traditional pattern, in which people connect to servers rather than servers connecting to the outside. Beyond identifying this severely anomalous activity, VASA's asset mapping was able to pinpoint where the RDP activity was coming from.
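The direction check described above can be sketched over flow records. This is an added example, not VASA's or RANK Software's code; the internal range 10.0.0.0/8, port 3389, the threshold, the function names and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

RDP_PORT = 3389  # default RDP port (assumption; the page names no port)
# Assumed internal address space. List the site's own ranges explicitly:
# ipaddress.is_private also matches documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = (
    # Workstations connecting to the server over RDP: the expected direction.
    [(f"10.0.5.{i}", "10.0.9.14", 3389) for i in (20, 21, 22)]
    # The same server initiating RDP to external addresses: the anomaly.
    + [("10.0.9.14", f"203.0.113.{i}", 3389) for i in range(1, 6)]
    # One stray outbound RDP session from a workstation, and non-RDP traffic.
    + [("10.0.5.20", "198.51.100.9", 3389), ("10.0.9.14", "198.51.100.9", 443)]
)


def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def flag_outbound_rdp(flows, min_outbound=3):
    """Return {host: (outbound_external, inbound)} for internal hosts that
    initiate RDP to external addresses at least min_outbound times and more
    often than they receive RDP connections themselves."""
    outbound, inbound = Counter(), Counter()
    for src, dst, dport in flows:
        if dport != RDP_PORT:
            continue
        if is_internal(src) and not is_internal(dst):
            outbound[src] += 1
        if is_internal(dst):
            inbound[dst] += 1
    return {host: (count, inbound[host])
            for host, count in outbound.items()
            if count >= min_outbound and count > inbound[host]}


if __name__ == "__main__":
    for host, (out_n, in_n) in flag_outbound_rdp(SAMPLE_FLOWS).items():
        print(f"{host}: {out_n} outbound external RDP flows, {in_n} inbound")
```
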

THE RANK DIFFERENCE

RANK is uniquely able to deliver this solution through:

  • Real-time searching and hunting that allowed the security analyst to gather data without compromising data fidelity, which made it possible to search for RDP activity across all IPs
  • Asset mapping that enabled the security analyst to pinpoint where this RDP activity was coming from
  • Anomaly detection that flagged the internal server as behaving in an unexpected way, showing large amounts of outbound data connections
