Customer Case Study: Armed™ Powered By UDT – Logistics

A wire fraud scheme, aimed at a user within the finance department of the Logistics company, caused the event, resulting in the user transferring several hundred thousand dollars to the cybercriminals that launched the attack.

CLIENT – INDUSTRY VERTICAL

Logistics Industry – Large client, with many distributed offices.

CUSTOMER SUCCESS STORY

One of United Data Technologies’ (UDT) clients, a large Logistics industry business, experienced a significant information technology and operational security issue resulting from what was identified to be a targeted phishing campaign.

A wire fraud scheme, aimed at a user within the finance department of the Logistics company, caused the event, resulting in the user transferring several hundred thousand dollars to the cybercriminals that launched the attack. This Logistics company is large, so at first the attack went unnoticed, despite the already robust Microsoft cyber-defense architecture.

UDT is a Microsoft Gold-competency Partner that supports a number of this client’s cybersecurity needs and offers it other IT business solutions. When the cybersecurity incident was identified, UDT initiated its unique ARMED Powered by UDT Governance-as-a-Service (SaaS) solution to interact with, and augment, the Logistics client’s Microsoft services. ARMED further isolated the issue, providing detailed detection, cleansing, and hardening of critical systems. Through a unique combination of professional services and a SaaS “single pane of glass,” we consolidated Microsoft Security with other related protection and remediation services. In this case, the application was UDT’s ARMED platform for Microsoft Office 365 ATP and Microsoft Windows Defender ATP.

  • Deal Size: Approximately 250 servers migrated to MS Azure services
  • Vertical/Region: Logistics Industry (National/Worldwide)

CO-SELL OPPORTUNITY

United Data Technologies (UDT) is a Microsoft Gold-competency Partner. ARMED™ Powered by UDT is a unique solution to the company – representing UDT’s intellectual property – designed specifically to work with Microsoft Security Solutions while adding significant additional layers of detection, isolation, remediation and process design. ARMED combines unique, patent-pending professional services and technology that supports, enhances and adds to Microsoft Advanced Threat Protection (ATP) for Microsoft Azure (Azure ATP), Microsoft Office 365 (365 ATP), and Microsoft Windows Defender (Windows Defender ATP). UDT can bundle the ARMED Governance-as-a-Service professional services and SaaS platform with the Microsoft tools, or provide it as an addition/supplement to these platforms based on previous subscriptions.

PROOF POINTS – ARMED POWERED BY UDT FOR MICROSOFT OFFICE 365 ATP AND MICROSOFT WINDOWS DEFENDER ATP

  1. The security incident at UDT’s Logistics industry client was initially identified as potentially malicious in Microsoft Office 365 ATP:
     • Office 365 ATP recognized it as spoofing from what would have been perceived as an authorized vendor to the finance department. (Office 365 ATP and Windows Defender ATP detected a small misspelling of the vendor’s name in the potentially malicious email.)
  2. The user payload on the email had a “backdoor” – for the recipient – for an invoice (an .exe file).
  3. Once accidentally initiated – via presumed download of the false invoice – the user began to experience slowness on the internal system.
  4. The identified vulnerability was connected to all of the Logistics industry client’s systems attached to credit cards and other financial information.
  5. UDT was engaged to investigate the issue. UDT activated ARMED for Microsoft Office 365 ATP and Windows Defender ATP to:
     • Analyze Office 365 ATP, wherein UDT’s ARMED platform identified that the security incident spread to eight (8) users in the accounting department.
     • Search on .exe files/payloads, and execute detection and remediation on six (6) of the eight (8) user systems and on infections on systems in the company’s network. UDT’s ARMED professional services and technology extended the Microsoft Security platform to search and detect which directories and systems were affected, including what outbound activity may have been coming from those identified systems.
  6. With ARMED, UDT’s team was able to discern that, if undetected, the phishing email and attachments may have created a large hole in the Logistics industry client’s network, with six (6) to eight (8) systems causing outbound communication to a malicious network:
     • As the client is large, they may have missed this security vulnerability for a long time without UDT’s ARMED Governance-as-a-Service solution.
     • As detailed by the findings through ARMED, the security incident was a two-tier/two-phase attack with the following potential results if not quickly addressed:
       o The email demanded a mid-six-figure dollar amount in ransomware.
       o The cybercriminals used phishing to install a back door into our client’s systems. If this had gone undetected and without remediation, they could have siphoned off information from the company, including sensitive financial information, for months.
  7. If publicized, the incident could have created a huge credibility loss with the company’s customers. UDT, with ARMED, was able to detect, protect and remediate the issues in a timely-enough fashion to avoid this unfavorable outcome.

