WithSecure
Case Study on Incident Response for Market Research Company
Pages
3
Time to read
3 mins
Publication
Language
English
This case study details the incident response efforts undertaken by WithSecure to defend a global market research company from a live cyber attack. The client faced a potential breach as their hosts were communicating with known malicious IP addresses. The incident response team was engaged to contain and investigate the breach, which was traced back to a vulnerable external-facing website. The attackers had been active for approximately 25 days and were positioned to deploy ransomware across critical business systems. WithSecure's team analyzed Windows event logs, identified the exfiltration of the Active Directory database, and deployed an endpoint agent across over 16,000 endpoints. They detected Cobalt Strike beacons and established that the attackers had gained full domain access. A containment plan was developed, and actions were taken to degrade the attacker's command and control channels. Following the intervention, WithSecure implemented remediation measures and detection rules to prevent future attacks, successfully safeguarding the client from long-lasting damage.