Tasks and Objectives
We were approached for consulting by a medium-sized financial client after they discovered two of their confidential customer Excel spreadsheets on a well-known paste-bin site on the so-called dark web. The dark web is a part of the internet that can only be reached through special anonymising software (Tor being the best-known example) and is a common venue for trading stolen data.
Fast Lane Services and Solution
We performed an in-depth forensic audit across their infrastructure and found numerous covert backdoor channels to a server located in East Asia. Further investigation made it clear that the attackers had bypassed the firewalls and IDS simply by tunneling the exploit against the first target server inside ordinary HTTP traffic: the perimeter devices allowed HTTP through and did not inspect the payload.
Once that system had been compromised it was used as a pivot to launch further attacks on the internal network, which led to the compromise of a SharePoint server. We then conducted a full internal and external penetration test ourselves and found numerous systems with vulnerabilities that the attackers had already exploited. Almost all of the damage could have been prevented had the client kept its servers on current versions and patched all systems promptly. In addition, a web-application-aware IPS that inspects HTTP payloads could have blocked the tunneling attack in the first place. We produced a report that lists every vulnerability found together with mitigation strategies.
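A covert channel of the kind described above usually shows up in web proxy logs as regular, low-volume "beaconing" from an internal host to one external address. The script below is an added example written for this page, not tooling from the engagement and not the client's data: it runs a simple beacon check over a handful of constructed proxy-log lines (the hosts, the documentation-range address 203.0.113.45 and the thresholds are all assumptions) and flags source/destination pairs whose connections recur at a near-constant interval with a near-constant request size.

```python
"""Beacon detection over web proxy logs (added example; sample data is constructed)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines in a simplified proxy-log format:
# timestamp  src_host  method  dst_host  bytes_out  bytes_in
# ws-17 talks to 203.0.113.45 (a documentation-range address standing in for
# the attacker's server) every ~5 minutes with ~512-byte POSTs; ws-22 is normal browsing.
SAMPLE_LOG = """\
2023-03-01T09:00:00 ws-17 POST 203.0.113.45 512 128
2023-03-01T09:00:13 ws-17 GET  intranet.example 1024 40960
2023-03-01T09:05:01 ws-17 POST 203.0.113.45 514 130
2023-03-01T09:07:42 ws-17 GET  www.example.com 300 88000
2023-03-01T09:10:00 ws-17 POST 203.0.113.45 512 131
2023-03-01T09:15:02 ws-17 POST 203.0.113.45 511 129
2023-03-01T09:20:01 ws-17 POST 203.0.113.45 513 130
2023-03-01T09:25:00 ws-17 POST 203.0.113.45 512 128
2023-03-01T09:01:10 ws-22 GET  www.example.com 400 120000
2023-03-01T09:14:55 ws-22 GET  www.example.com 410 95000
2023-03-01T09:33:20 ws-22 GET  cdn.example.net 380 300000
"""


def parse_log(text):
    """Parse 'timestamp src method dst bytes_out bytes_in' lines into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, method, dst, b_out, b_in = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "method": method,
            "dst": dst,
            "bytes_out": int(b_out),
            "bytes_in": int(b_in),
        })
    return records


def find_beacons(records, min_hits=4, max_interval_cv=0.1, max_size_cv=0.1):
    """Return (src, dst, hits, mean_interval_seconds) for every host pair whose
    connections are both regularly spaced and uniform in size.

    The coefficient of variation (stdev / mean) of the inter-arrival times and of
    the request sizes is compared against thresholds; both thresholds are
    assumptions chosen for this example and should be tuned per environment.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append(r)

    findings = []
    for (src, dst), hits in by_pair.items():
        if len(hits) < min_hits:
            continue  # too few samples to call anything periodic
        hits.sort(key=lambda r: r["ts"])
        intervals = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(hits, hits[1:])]
        sizes = [r["bytes_out"] for r in hits]
        if mean(intervals) == 0 or mean(sizes) == 0:
            continue  # a burst at one instant is not a beacon; avoid division by zero
        interval_cv = pstdev(intervals) / mean(intervals)
        size_cv = pstdev(sizes) / mean(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            findings.append((src, dst, len(hits), round(mean(intervals))))
    return findings


if __name__ == "__main__":
    for src, dst, hits, period in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst}, {hits} hits, every ~{period}s")
```

Regular timing on its own is not proof of compromise; update checkers and monitoring agents beacon too, so a hit like this should be correlated with destination reputation and with inspection of the request bodies. That inspection is exactly what the web-aware IPS recommended above would have provided at the perimeter; this check is the detection-side complement for traffic that has already been allowed through.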