Case Studies

Case Studies – Cybersecurity

After-Hours Ransomware Infects All Network-Based Servers

Responding to Cyber Threats to Keep Business Running As Usual

Problem

A US-based industrial construction company experienced a severe after-hours network outage that crippled its entire business operations, including all email and computer network resources. The company’s internal IT department responded to the outage and quickly determined that all network-based servers had fallen victim to rapidly spreading ransomware, which also rendered the onsite backups inoperable.

Solution

The company employed Pathway Forensics engineers, who quickly responded to the attack, both physically onsite at the client’s offices and virtually through secure channels to a Security Operations Center. After immediately investigating and triaging the ransomware event, Pathway analysts and engineers went to work by first isolating the infected servers, then rerouting critical business applications and email traffic through an alternative secure network infrastructure.

Results

The redirection of network and email traffic allowed the business to continue with primary operations while Pathway engineers restored the company data and rebuilt a much more resilient IT system and network infrastructure.

Services Employed

Incident response

Investigation

Remediation

Title Company Falls Prey to Wire Transfer Fraud

Responding to Sophisticated Phishing Attacks

Problem

A title company – through its normal course of business – performs millions of dollars in financial transactions every year via wire transfers. After several transfers failed to reach the correct client, the company began to investigate the transfer process and learned that they had become a victim of fraud, with losses totaling more than $700,000.

Solution

Pathway Forensics was engaged to conduct the investigation and mitigate any digital threats that might still be lurking on the company network. During the investigation, our analysts quickly noticed that a broker’s email account had been compromised during a sophisticated phishing attack in which malicious actors set up forwarding rules to an unknown outside address. We also learned these actors would observe email activity within the company and wait for wire transfer instructions to be ordered. At that time, they would insert themselves into the conversation – acting as the broker’s manager – and then change the transfer routing information and account.

Results

Upon completing the investigation, Pathway remediated the forwarding rules and reviewed all other email configurations for indications of compromise. All affected employees’ accounts were reset and two-factor authentication was implemented as an additional layer of protection. We documented our findings in an official report that the client shared with law enforcement to begin an official criminal investigation.

Services Employed

Investigation

Remediation

Case Studies – Digital Forensics

Departing Employee Data Exfiltration Investigation

Investigation and Remediation Effort Protects IP from Competitors

Problem

A US-based energy services and equipment company had departing employees recruited by a competitor. Shortly after, the competitor began to outbid them on key contracts using pricing and schematic models that appeared to be derived from their proprietary templates.

Solution

The company employed Pathway Forensics to work with HR, IT, and outside counsel to identify and collect computer and online account data related to the former employees, and investigate their activity prior to and after their departure. Pathway’s analysis indicated that several key schematics and sales model templates were exfiltrated via webmail, removable media, and cloud services in the few weeks leading up to the employees’ departures. Pathway provided expert witness testimony that helped the client win a temporary injunction hearing. We also created and executed a file remediation plan for the client to ensure the exfiltrated intellectual property was contained and deleted securely.

Results

Pathway worked with the client’s HR and IT teams, along with outside counsel, to ensure the client’s intellectual property was removed from all sources outside the client’s control and provided expert witness testimony to help secure a favorable settlement and recovery of damages resulting from the use of the client’s proprietary information.

Services Employed

Forensic Data Preservation

Forensic imaging of desktop and laptop computers

Forensic collection of online cloud storage and webmail accounts

Forensic Analysis and Reporting

Detailed analysis of user activity and artifacts of data exfiltration

Forensic reports and exhibits used in hearings

Expert witness testimony

Secure Data Remediation

Tracing sources of exfiltrated data and planning remediation protocol agreement

Secure deletion of exfiltrated intellectual property

High-Tech IP Taken by Former Employees

Keeping Source Code Protected from Inside Threats

Problem

Quantlab, a high-tech company in Houston, Texas, invested many years and millions of dollars in developing valuable source code. Three employees abruptly left the company, leaving behind a mole. Six months after leaving, the departing employees started a competing business. Quantlab suspected the former employees took the proprietary code with them to the new company.

Solution

Pathway Forensics was hired to preserve and analyze devices retrieved from multiple sources, including the former employees’ new company and their personal items. Our experts examined more than 125 pieces of evidence, and our analysis proved Quantlab’s suspicions were merited. We found evidence the former employees and the mole not only took their employer’s source code, but also took intentional steps to cover their tracks, thus spoliating evidence in an attempt to avoid justice. We provided evidence and expert witness testimony in the evidentiary hearing that led to death penalty sanctions being imposed.

Results

After documenting our findings in more than 300 pages of expert reports, declarations, and affidavits, plus offering expert witness testimony over two days in a federal court trial, Quantlab received a favorable verdict and was awarded more than $40M.

Services Employed

Digital forensics

eDiscovery

Expert witness testimony

Case Studies – Additional Consulting Services

Chemical Company Outsources Ops Improvements

Utilizing external experts to optimize internal skillsets and processes

Problem

A global chemical company wanted to make improvements within their IT Security and Forensics department, specifically focusing on processes and procedures along with staff training. They decided hiring an outside expert would yield the best results.

Solution

Pathway Forensics was contracted to assist with forensic toolset selection and procurement, hardware recommendations, forensic lab processes and procedures, internal process development for new internal legal cases, documented workflows with training guides, and forensic training of the company’s full-time staff. During the process, Pathway also assisted with an internal investigation, collecting data from six custodians from one of the company’s locations in China and performing a routine, high-level investigation. When reviewing the data loss prevention logs, we discovered many alarming log entries that indicated data exfiltration of confidential, business-critical documents.

Results

The internal team not only has the right tools, resources, and workflows in place, but by observing Pathway’s investigative process, they now have a better understanding of the types of red flags to look for in future investigations. Additionally, they consult Pathway regularly whenever questions arise, getting an immediate answer and continuing to expand their own expertise.