top of page
paulcapatana

The EGGShell Story

This story is inspired from real facts and does not make any connections with companies with a similar name like the one chosen here


Once upon a time there was a mid-size company named Fictional LTD which processed card payments.


And they had a stable network made and managed in a professional way, for now we’ll call their network EGG


They also secured their network and upgraded their security devices, claiming that their network is safe from any known security threats, for now we’ll call their security as a Shell


And everything was fine for a while giving them confidence that they are safe


Until one day one of their employees called Juan received an email containing a very tempting attachment which claimed to contain an offer for lowest tariffs for vacation trips.


He decided to access that file just being curious of its content, and after he did that the file content displayed, but nothing suspicious seemed to happened so he was relaxed because no alarm was triggered by his actions.


In the meantime, something was happening, when he opened that file a malicious process was triggered and started running in background.


After 6 months passed from accessing that file, one day Juan complains that his computer is working as slow as a snail and because of that he is not able to complete his daily tasks, asking for an immediate remediation.


When the network administrator did accessed Juan’s computer to troubleshoot and isolate the problem he accessed the task manager and there he noticed a high CPU load, high Memory consumption and a large volume of data being sent over the network, also in Processes tab he saw a process that should not be there and that process was triggered when that file had been accessed.


There were a couple of immediate action that had been taken at that time:


First action was to search on Juan’s computer for the file that triggered that process and to copy that file in a safe environment to be sent for further analysis


Second action taken was to disconnect the computer from network and decommission it until the investigation is done.


Next step was to submit that file for analysis to a certified cybersecurity company.

After the file had been analyzed they discovered that during that 6-month period the attacker managed to stole 2Tb of customer related info.


Following this regrettable incident new security procedures have been enforced in order to secure the inside coming threats as well as the external ones.


The moral here should be that a network should be secured from inside – out direction in the first place and only after that should be secured from outside in, not the other way around.


Because no matter how strong and resistant may look an eggshell from outside, if it bursts from inside that apparent resistance is zero.


This story is based on real facts and this scenario affected already some US based companies


I can only hope that this story would create awareness regarding how safe we really are .









26 views0 comments

Comments


Post: Blog2_Post
bottom of page