CSIS prevents a high severity incident from becoming a complete crisis scenario

Meet CSIS Security Group, part of Allurity and a leading provider of advanced cybersecurity capabilities, focused on actionable and intelligence-driven detection and response services. CSIS is the preferred cybersecurity partner to notable organizations across various sectors, including Banking & Financial Services, Energy & Utilities, Manufacturing, Transportation & Logistics, as well as Government & Public Sector. As a leader in their field, CSIS understands the importance of protecting their customers from cyber threats that could compromise their sensitive data and put their business at risk.

The attack

Recently, the CSIS Security Analyst Team detected, investigated, and remediated a high-severity incident for a customer (a global innovator within the medical-device manufacturing industry headquartered in Denmark) that could have led to a devastating loss of data. Thanks to the CSIS Managed Detection and Response (MDR) Team, the incident was contained with minimal impact, and the customer’s data remained secure.

The attack was initially detected through a low-criticality alert on the Microsoft Sentinel Platform. However, upon further investigation, the CSIS MDR Analyst Team discovered that the incident was actually of high severity, with malware detected on their customer’s endpoint.

The solution

The MDR Analyst Team acted swiftly, containing the malware and preventing further lateral movement by quarantining the file and stopping the process execution. Additionally, Microsoft Defender for Endpoint (MDE) blocked the command-and-control connection from succeeding, effectively isolating the affected machine.

After scanning the dropped malware, CSIS’s customer was instructed to locate the infected drive and ship it to the CSIS MDR Team for further analysis. Quick escalation by the CSIS MDR Analyst Team and prompt remediation by CSIS’s customer resulted in containing the malware with minimal impact. Despite the advanced nature of the malware, the CSIS Team provided a professional and prompt response that was crucial to the containment and remediation of the cyber attack.

The CSIS MDR Engineering Team also took the next steps to protect the customer by blocking the IOCs in their Microsoft Defender for Endpoint and creating custom queries for threat-hunting activities. Further analysis revealed a previously unidentified malware, now known as “Raspberry Robin.”

A true team effort

The dedication of CSIS to ongoing prevention and hardening of their customer’s security posture is evidenced by their full forensic report on how best to prevent such an attack from happening in the future.

About CSIS

CSIS is part of the Allurity family and a leader in actionable, intelligence-driven detection and response services.