Customer Case Study: Armed™ Powered By UDT – Logistics

A wire fraud scheme aimed at a user in the finance department of the Logistics company caused the event, resulting in the user transferring several hundred thousand dollars to the cybercriminals who launched the attack.

CLIENT – INDUSTRY VERTICAL

Logistics Industry – Large client, with many distributed offices.

CUSTOMER SUCCESS STORY

One of United Data Technologies' (UDT) clients, a large Logistics industry business, experienced a significant information technology and operational security incident resulting from what was identified as a targeted phishing campaign.

A wire fraud scheme aimed at a user in the finance department of the Logistics company caused the event, resulting in the user transferring several hundred thousand dollars to the cybercriminals who launched the attack. Because this Logistics company is large, the attack initially went unnoticed, despite the client's already robust Microsoft cyber-defense architecture.

UDT is a Microsoft Gold-competency Partner and supports a number of this client's cybersecurity needs, as well as offering other IT business solutions. When the cybersecurity incident was identified, UDT initiated its unique ARMED Powered by UDT Governance-as-a-Service (SaaS) solution to interact with and augment the Logistics client's Microsoft services. ARMED further isolated the issue, providing detailed detection, cleansing, and hardening of critical systems. Through a unique combination of professional services and a SaaS "single pane of glass," we consolidated Microsoft Security with other related protection and remediation services. In this case, the application was UDT's ARMED platform for Microsoft Office 365 ATP and Microsoft Windows Defender ATP.

  • Deal Size: Approximately 250 servers migrated to MS Azure services
  • Vertical/Region: Logistics Industry (National/Worldwide)

CO-SELL OPPORTUNITY

United Data Technologies (UDT) is a Microsoft Gold-competency Partner. ARMED™ Powered by UDT is a solution unique to the company, representing UDT's intellectual property, designed specifically to work with Microsoft Security Solutions while adding significant additional layers of detection, isolation, remediation and process design. ARMED combines unique, patent-pending professional services and technology that supports, enhances and adds to Microsoft Advanced Threat Protection (ATP) for Microsoft Azure (Azure ATP), Microsoft Office 365 (365 ATP), and Microsoft Windows Defender (Windows Defender ATP). UDT can bundle the ARMED Governance-as-a-Service professional services and SaaS platform with the Microsoft tools, or provide it as an addition/supplement to these platforms based on existing subscriptions.

PROOF POINTS – ARMED POWERED BY UDT FOR MICROSOFT OFFICE 365 ATP AND MICROSOFT WINDOWS DEFENDER ATP

  1. UDT's Logistics industry client's security incident was initially identified as potentially malicious in Microsoft Office 365 ATP:
  • Office 365 ATP recognized it as spoofing of what would have been perceived as an authorized vendor to the finance department. (Office 365 ATP and Windows Defender ATP detected a small misspelling of the vendor's name in the potentially malicious email.)
  2. The user payload in the email was a "backdoor" for the recipient, disguised as an invoice (an .exe file).
  3. Once accidentally initiated, via the presumed download of the false invoice, the user began to experience slowness on the internal system.
  4. The identified vulnerability was connected to all of the Logistics industry client's systems attached to credit card and other financial information.
  5. UDT was engaged to investigate the issue. UDT activated ARMED for Microsoft Office 365 ATP and Windows Defender ATP to:
  • Analyze Office 365 ATP, wherein UDT's ARMED platform identified that the security incident had spread to eight (8) users in the accounting department.
  • Search for .exe files/payloads, execute detection and remediation on six (6) of the eight (8) user systems, and address infections on other systems in the company's network. UDT's ARMED professional services and technology extended the Microsoft Security platform to search for and detect which directories and systems were affected, including what outbound activity may have been coming from those identified systems.
  6. With ARMED, UDT's team was able to discern that, if undetected, the phishing email and attachments could have created a large hole in the Logistics industry client's network, with six (6) to eight (8) systems generating outbound communication to a malicious network:
  • As the client is large, they may have missed this security vulnerability for a long time without UDT's ARMED Governance-as-a-Service solution.
  • As detailed by the findings through ARMED, the security incident was a two-tier/two-phase attack with the following potential results if not quickly addressed:
    o The email demanded a mid-six-figure dollar amount in ransomware.
    o The cybercriminals used phishing to install a back door into our client's systems. Had this gone undetected and without remediation, they could have siphoned off information from the company, including sensitive financial information, for months.
  7. If publicized, the incident could have created a huge credibility loss with the company's customers. UDT, with ARMED, was able to detect, protect and remediate the issues quickly enough to avoid this unfavorable outcome.


RECOMMENDED IMMEDIATE NEXT ACTIONS

  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and anti-malware tools to ensure they are not infected.
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.
