To Learn & know more about Threat Intelligence visit our website – FirstHackersNews

Achievements

  • Worked on a critical money-laundering case at a leading bank, identified the inside attacker's activities and documented them in complete technical reports. Completed the investigation and submitted the case details to the Interpol team to support the arrest.
  • Lessons learned from that digital forensics investigation led us to deploy, after the money-laundering investigation within the bank, various SOC use cases, SOC enrichments, detection capabilities, PAM solutions and other security controls.
  • Manual Ransomware Incident Analysis – In a banking environment we typically cannot install any third-party tools, so a ransomware-infected teller machine was investigated manually to confirm an alert raised by McAfee. The SOC team was about to close the case as a false positive, but our manual investigation saved the bank from a RANSOMWARE ATTACK and created in-house capabilities backed by effective incident response plans.
  • Mystery of Auto-Launched AWS Instances – In one client environment, an AWS instance was repeatedly launched at a specific time and the client was billed heavily without being able to find the cause. We drove the incident management, identified the root cause and delivered the fix. After the incident was closed, we enabled security compliance for WFH laptops.
  • Internet Relay Chat Monitoring – One of our clients was threatened with a targeted attack by the “Anon Team”. We logged into the “Anon” IRC, stayed there for three days and identified the techniques and tools they intended to use in the attack. Based on that, we prepared effective use cases, enriched the CRC & KRS rules and requested the AKAMAI team to deploy a blocking mechanism for the identified tools. We successfully blocked all of the targeted attacks and submitted the investigation reports, together with the evidence, showing how the targeted attack was blocked.
  • Core Banking – Directory Traversal Attack – While we were providing “Security Consultant Services” to one of the banks, our consultant found a directory traversal attack against their core banking website. We immediately raised a P1 incident, initiated the bridge calls, pulled in the relevant teams and resolved the incident in two hours. As required by the applicable legal and government regulations, the case had to be submitted to the National CERT team. The consultant drove the complete P1 case and liaised with CERT team members and the bank's GRC team to close the incident effectively. The client learned from this and went on to deploy a WAF, revise the banking WAF policies and blocking policies, and form an internal CERT team.
  • Banking – Standard Operating Environment Deployment – One of our security consultants identified many unwanted applications installed in a banking environment, including TOR, P2P clients, browsers and open-source apps, which expose the environment to malware and compromise. Working closely with the CISO, we deployed effective IT security controls and policies, endpoint protection through EDR, and enriched the detection mechanism through SIEM use cases.