Assisting a world-leading credit card provider to recover from a covert malware breach

Situation

A server in a data center of one of the world’s largest white label credit card providers is covertly compromised by malware. The breach leads to the theft of hundreds of temporary credit card account numbers and the siphoning off of millions of dollars into foreign bank accounts. The financial damage resulting from stolen assets and disruptions to normal business activities eventually runs into the tens-of-millions of dollars. The severity of the data breach also triggers a punitive response from the Payment Card Industry (PCI) Security Standards Council. In addition to a $100,000 fine, the company is given a short window of time to remediate the situation and submit proof of PCI security compliance or face total operational termination.

Action

Fearing that the source of the breach was internal, the company’s chief security officer (CSO) hired GRA Quantum to quickly and discretely investigate the situation and isolate the threat. GRA Quantum’s incident response team traveled to three different continents in order to conduct dozens of first-hand employee interviews and examine hundreds of pieces of evidence. The incident response team examined transactional records, log files, endpoint devices, and assessed the integrity of the physical security standards of the client’s remote data centers. As the case developed, GRA Quantum maintained continuous communication with the client’s board of directors in order to ensure PCI compliance was met as soon as possible.

Outcome

GRA Quantum’s investigative report concluded the source of the breach was not internal, but rather originated from a Russian criminal element notorious for ransomware attacks. Our technicians traced the source of the breach to the computer of an unsuspecting employee who, while on a business trip, had inadvertently accessed an unsecure public network being monitored by Russian hackers for potential victims. The hackers ultimately worked their way into one of the company’s data centers through an access point made available by the employee. The full contents of GRA Quantum’s report, including the recommendations therein, helped the client come into full compliance with PCI’s requirements, helping to avert a total shutdown of operations and saving the company millions of dollars. The client subsequently sought out GRA Quantum’s services again – this time to assist with the creation of a standardized cybersecurity education program for all current and future employees.