Client Assessment Summary: Intrusion detection in water treatment plant manufacturer in India
The client is a water treatment plant manufacturer and supplier in India, one of our SMEs was contacted regarding some network irregularities and website defacement for this client, we came in contact with the client and they want us to perform a threat hunt in their network, while first looking at their defaced website, we had an indicator that the attackers were from our neighbouring country. We then went deeper into their internal network and found that one of their IT guy's systems was infected by FUD(Fully undetectable) malware and indicators suggested that proper data exfiltrations were performed by the attackers.
Adversaries gained access to their emails.
Adversaries were able to exploit a vulnerability in their web application to access the server.
Successful exfiltrations were performed, and database logs, email conversations, contract copies, and legal documents all were exfiltrated.
The client's networking team informed us that they saw the heavy egress traffic 4 months ago and restricted that, the exfiltration was then found to be done on an external server to our neighbouring country.
After this assessment report was handed over to the client, we deployed a SOC(Security Operations Center) for the client with a proper security budget and planning.