An Auto Dealership Chain Client contacted Winquest (at 5:00 PM on a Friday afternoon) to request Incident Response support to recover from a major data breach. The Client contacted the State Police, the FBI and their insurance company after the credit reporting agencies suspended the ability to pull credit reports due to unauthorized use of the Client systems. The insurance company laid out the qualifications required to hire an incident response company and Winquest met those requirements (the Client’s Information Technology (IT) support company did not and referred the Client to Winquest). While the Client was gaining approval to hire us, Winquest personnel were alerted and preparing to deploy to the Client site.
Upon arrival at the Client site, the Winquest Incident Response Team (IRT) confirmed the scope of operations with executive management, conducted interviews and quarantined the systems that were suspected of compromise. Those systems’ hard drives were copied for analysis and the originals were bagged and tagged as evidence for FBI use. The IRT met with the FBI team and received high praise from the Special Agent leading the FBI investigation.
Winquest analysis discovered that a zero-day vulnerability had been used to gain access to multiple Client systems and that the access had then been used to pull credit reports. Winquest personnel were able to remove the malicious code responsible for the breach, scan the Client network, certify the system was free of the malware that caused the incident and help the Client meet the credit reporting agencies’ security requirements. Once the requirements were met, the Client was able to resume accessing credit reports.
At the conclusion of the IRT mission, the Client and Winquest executed a Service Level Agreement to continue support via quarterly vulnerability assessments, employee awareness training and Policies and Procedures development and implementation.
An Investment Adviser Client contacted Winquest to perform a vulnerability assessment of their network and mobile devices prior to a possible SEC cybersecurity sweep examination. Winquest deployed a team to the Client site and conducted a full vulnerability scan of Client systems. The Client was doing a good job of keeping software patches updated and system inventories current, but there were still over 1000 vulnerabilities discovered (which is not unusual).
The largest vulnerability was discovered when Winquest compared our network map with the Client’s inventory and found a discrepancy in the systems still functioning on the network. The Client had a server on their network that was supposed to have been turned off and removed over a year prior but was still operating. Since the Client believed the server had been removed, no security updates had been applied, which made the system highly vulnerable to attack. The server was immediately removed from the network, which eliminated the vulnerability.
A $1B Manufacturer/Retailer Client contacted Winquest to perform a vulnerability assessment of their network and get a third-party view of their security. Winquest deployed a team to the Client site and, working with the Client’s IT department, conducted a full vulnerability scan of Client systems. The Client was doing a good job overall but still had over 1000 vulnerabilities (which is not unusual).
The largest vulnerability was discovered when malware was found on an Industrial Control System (ICS) on their production floor. The malware had the capability to beacon out information about the Client’s production to unauthorized personnel. The Client discovered the ICS was still under the system vendor’s control and not theirs. The Client brought the ICS under the supervision of their IT department, corrected the problem and thanked Winquest for our services.
Winquest support doesn’t end when our mission is accomplished. We encourage our Clients to contact us, free of charge, anytime they have cybersecurity questions or concerns. For example:
- A Client received a suspicious email from the CEO to the CFO requesting the wire transfer of a large amount of money. The Client immediately contacted Winquest and we helped them execute their Incident Response drill to ensure they were able to cancel the transfer and confirm their system wasn’t infected with malware from the email.
- A Client opened a PDF document and it immediately disappeared and couldn’t be located. The Client contacted Winquest and we were able to diagnose the incident as a software problem and confirm it was not malware related.
- A Client asked Winquest the best kind of lock to install after our vulnerability assessment mission discovered the server room door had no lock on it. Winquest helped the Client determine the best type of lock to use and sent links to vendors where they could purchase it.