The security room of Mis-Tech was silent.
John, the CISO, was keeping a cool face while freaking out inside. “Where is my team? We are under attack, and we need to go into damage control mode!” he said calmly. But his voice gave away the worry.
His underlings, Chris and Alice, both veteran security administrators, were in the office frantically trying to figure out the cause of the attack. Sid, the new recruit, was MIA (missing in action).
The hackers had gotten into their network. The team had not found the point of entry, and their XDR tool was not proving to be money well spent!
Entering the room with cola in hand, Sid immediately realized the gravity of the situation. He knew something was off and got back to work.
It was going to be a rough day ahead.
A Temporary Fix
With the hackers swiftly spreading ransomware across the network, the entire team went into recovery mode.
John barked, “Alice, start isolating and shutting down infected endpoints; we need to minimize the damage.” (Network Segmentation works!)
“Chris, we need to completely lock down the network and cut off all external communication. Can’t let the hackers infect more devices. Especially the critical ones.”
“Sid, make yourself useful and start restoring the backups. We need to get our critical services back up and running.”
So, Sid quickly formatted the infected systems of the critical business units, reinstalled the OS, and restored data.
“Finally, some breathing space! At least the downtime for the client was less than 4 hours,” said Sid.
But the job was not finished!
The hackers were still inside the network. It was time to go through each system, destroy the malware, clean-install the OS, and restore services. Hard at work, each of them was trying their best to reduce the impact.
The job was not finished yet, but the team was pretty damn close.
A Silver Lining
The silver lining among the chaos was that the organization’s sensitive data and backups were stored in a completely different network, isolated from the main network.
On top of that, the infected systems didn’t contain sensitive or proprietary information, and the data the ransomware had encrypted was not important.
The hackers had gotten in, but the damage done was minimal.
The Aftermath of the Attack
John’s team’s job was to prevent attacks, not to restore backups and fix infected devices. Over the next weeks, the team went to each and every device in the network and cleaned it up.
It was tough but necessary.
The hackers had gotten away with some info and had encrypted some more. But since it was not important, the ransom threats didn’t stick.
After a week of laborious work, the network was secure. It was the most tense, exhausting, and demanding week of each of their lives!
Sid said, “I need a vacation, boss,” only to find daggers staring back at him.
John replied, “We need to find out how they got through, Sid. Until then, we can’t rest. They can strike us at any moment if we are not prepared.”
The team had done well. But there was a lot of learning to do. Nevertheless, they could all use a break, thought John.
Finding the Origin of Attack
After ordering some pizzas and drinks, John and his team held a post-cyberattack meeting. It was time to face the music from the management. And time to find out why the cyberattack happened in the first place.
John had already been in touch with his friends at The Pen-testers to penetration test the entire network, and they were hard at work looking for exploitable loopholes through which the attack could have occurred.
The efforts had borne fruit, and the team had found the root cause of the cyberattack.
It was a shadow asset, unused for a long time, that still had a simple default-settings misconfiguration.
The default settings gave admin access to every user, making it easy for attackers to enter the network and wreak havoc.
It was a simple weakness in the network. But it shook the security team of Mis-tech to its core.
It was a costly mis-take (pun intended).
So What’s Next?
The worst was over. It was time to take accountability and action.
The management, shareholders, and clients were worried, and they were looking for answers.
John took complete responsibility for the attack and assured them that defense measures would be taken.
But he was not sure how.
In his mind, there were two scenarios that could play out.
- Scenario 1: Find a way to prevent cyberattacks rather than just react to them.
- Scenario 2: Do nothing and pray for the best.
Find out what he chose in the next episode of “The Story of Mis-tech”!