Challenge
A routine internal security check at a leading Middle Eastern transportation service provider turned up an anomaly: a newly created user account on one of its application servers. The origin and timing of the account creation were unknown, raising concerns about a potential data breach. Server logs showed that this user had moved laterally after the initial server access, increasing the risk of a data breach. The client needed a specialist cybersecurity team that could quickly determine the nature of the user and deal with it swiftly.
Solution
Kualitatem’s arsenal of cybersecurity services focused on incident response, forensic investigations, and containment and eradication recommendations. Our extensive analysis of data and artifacts revealed a server breach that used a sophisticated, gradual approach to tunnel deeper into the client’s systems. Our comprehensive report enabled internal teams to execute a thorough containment and cleanup protocol.