Business Continuity Awareness Week cyber security case studies

The Business Continuity Institute

BCAW 2017

Brute force attack
Org 7, an African based manufacturing company became the victim of a brute force attack of their corporate email service. During a feedback session regarding a failed bid for a significant tender between Org 7 and the potential purchaser, Org 7 was informed that their submission was essentially identical to one of their competitors although more expensive. Org 7 were of the understanding that their offering and proposed strategy was unique to them as a company… Read more here.

DDoS attack
A successful distributed denial of service (DDoS) attack on any company is often evident not only to the business itself but also the broader public. Org 8, a payments company headquartered in the UK, became the victim of a successful DDoS attack on 18th December, one week prior to Christmas, traditionally the busiest online shopping period for the company. Online sales during this period typically generates Org 8 over 25 percent of its annual revenue… Read more here

Known vulnerability exploitation
Org1 is a large internet service and telecommunications provider with a diverse portfolio of network and data services. In 2014, Org1’s operations team responded to a firewall performance issue. On troubleshooting of the device, it was discovered that the cause was an internet facing system that was conducting network scans using NMap, a network scanning tool, which was unauthorised behaviour and the cause of the failure. The system was functioning as a network load balancer to a subversion code repository and did not have an external web interface or much by way of internet facing attack surface… Read more here.

Zero day exploitation
Org2 is a specialist technology company based in the UK. The Org2 IT security operations team responded to an alert from its corporate anti-virus provider that a copy of password stealing malware had been found on three of its domain controllers. This was a serious incident and an investigation was immediately launched… Read more here.

Phishing for credentials
Org 9 is a multi-national Japanese manufacturing robotics company headquartered in Japan with European operations. Org 9 designs and manufactures robotics used in fabrication and manufacturing facilities throughout the world from automotive production lines to the assembly of micro-electronics… Read more here.

Phishing with malware
Org 10 is a large multi-national financial services provider. Org 10 began receiving notifications from various customers regarding phishing emails that appeared to originate from its mail server and resulted in customer’s computer systems becoming infected and their customers losing their money through fraud. The phishing emails contained an attachment that was identified as a malicious trojan by antivirus (AV) software running on some of the customer systems. Org5 initiated an investigation.… Read more here.

Rogue update attack
Org 5 is a mid-sized discount retailer specialising in low cost household items. Over recent times, the company has gone through a period of rapid growth followed by significant resource constraints on its IT department. The IT department attempts to manage this rapid growth and keeps everything up to date as much as possible by contracting with its software providers to manage updates… Read more here.