Case Studies – Cybersecurity
After-Hours Ransomware Infects All Network-Based Servers
Responding to Cyber Threats to Keep Business Running As Usual
A US-based industrial construction company experienced a severe after-hours network outage that crippled the company’s entire business operations, including all email and computer network resources. The company’s internal IT department responded to the outage and quickly determined that all network-based servers had fallen victim to rapidly spreading ransomware, which also rendered the onsite backups inoperable.
The company employed Pathway Forensics engineers, who quickly responded to the attack, both physically onsite at the client’s offices and virtually through secure channels to a Security Operations Center. After immediately investigating and triaging the ransomware event, Pathway analysts and engineers went to work by first isolating the infected servers, then rerouting critical business applications and email traffic through an alternative secure network infrastructure.
The redirection of network and email traffic allowed the business to continue with primary operations while Pathway engineers restored the company data and rebuilt a much more resilient IT system and network infrastructure.
Title Company Falls Prey to Wire Transfer Fraud
Responding to Sophisticated Phishing Attacks
A title company – through its normal course of business – performs millions of dollars in financial transactions every year via wire transfers. After several transfers failed to reach the correct client, the company began to investigate the transfer process and learned that it had become a victim of fraud, with losses totaling more than $700,000.
Pathway Forensics was engaged to conduct the investigation and mitigate any digital threats that might still be lurking on the company network. During the investigation, our analysts quickly noticed that a broker’s email account had been compromised during a sophisticated phishing attack in which malicious actors set up forwarding rules to an unknown outside address. We also learned these actors would observe email activity within the company and wait for wire transfer instructions to be ordered. At that time, they would interject into the conversation – acting as the broker’s manager – and then change the transfer routing information and account.
Upon completing the investigation, Pathway remediated the forwarding rules and reviewed all other email configurations for indications of compromise. All affected employees’ accounts were reset and two-factor authentication was implemented as an additional layer of protection. We documented our findings in an official report that the client shared with law enforcement to begin an official criminal investigation.
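The forwarding-rule review described above can be run as a check over an export of mailbox rules. The following is an added example, not part of the original case study and not Pathway's tooling; the rule export format, field names, addresses, and domains are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample export of mailbox rules. The field names are assumptions
# for this example, not any mail platform's real schema.
SAMPLE_RULES = [
    {"mailbox": "broker@title.example", "name": "Newsletters",
     "forward_to": [], "redirect_to": []},
    {"mailbox": "broker@title.example", "name": ".",
     "forward_to": ["Archive <inbox77@mail-relay.example>"], "redirect_to": []},
    {"mailbox": "manager@title.example", "name": "To assistant",
     "forward_to": ["Assistant@Title.Example"], "redirect_to": []},
    {"mailbox": "closer@title.example", "name": "Escrow copy",
     "forward_to": ["ops@escrow.title.example"],
     "redirect_to": ["copy@title.example.evil.example"]},
]
INTERNAL_DOMAINS = {"title.example"}  # constructed; list every domain the company owns


def domain_of(recipient):
    """Return the lower-cased domain of 'Name <user@host>' or 'user@host'."""
    address = parseaddr(recipient)[1]
    return address.rpartition("@")[2].lower().rstrip(".")


def is_internal(domain, internal_domains):
    """Exact match or true subdomain; a lookalike such as
    'title.example.evil.example' does not match 'title.example'."""
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def external_forwarding_rules(rules, internal_domains):
    """Return one finding per rule that forwards or redirects mail outside
    the organization. Unparseable recipients are reported as external."""
    findings = []
    for rule in rules:
        targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
        external = [t for t in targets
                    if not is_internal(domain_of(t), internal_domains)]
        if external:
            findings.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                             "external_targets": external})
    return findings


if __name__ == "__main__":
    for finding in external_forwarding_rules(SAMPLE_RULES, INTERNAL_DOMAINS):
        print(finding)
```

Each finding still needs a human decision, since some external forwards are legitimate; the point of the check is that every one of them is reviewed rather than only the mailbox already known to be compromised.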
Case Studies – Digital Forensics
Departing Employee Data Exfiltration Investigation
Investigation and Remediation Effort Protects IP from Competitors
A US-based energy services and equipment company had departing employees recruited by a competitor. Shortly after, the competitor began to outbid them on key contracts using pricing and schematic models that appeared to be derived from their proprietary templates.
The company employed Pathway Forensics to work with HR, IT, and outside counsel to identify and collect computer and online account data related to the former employees, and investigate their activity prior to and after their departure. Pathway’s analysis indicated that several key schematics and sales model templates were exfiltrated via webmail, removable media, and cloud services in the few weeks leading up to the employees’ departures. Pathway provided expert witness testimony that helped the client win a temporary injunction hearing. We also created and executed a file remediation plan for the client to ensure the exfiltrated intellectual property was contained and deleted securely.
Pathway worked with the client’s HR and IT teams, along with outside counsel, to ensure the client’s intellectual property was removed from all sources outside the client’s control and provided expert witness testimony to help secure a favorable settlement and recovery of damages resulting from the use of the client’s proprietary information.
Forensic Data Preservation
Forensic imaging of desktop and laptop computers
Forensic collection of online cloud storage and webmail accounts
Forensic Analysis and Reporting
Detailed analysis of user activity and artifacts of data exfiltration
Forensic reports and exhibits used in hearings
Expert witness testimony
Secure Data Remediation
Tracing sources of exfiltrated data and planning remediation protocol agreement
Secure deletion of exfiltrated intellectual property
High-Tech IP Taken by Former Employees
Keeping Source Codes Protected from Inside Threats
Quantlab, a high-tech company in Houston, Texas, invested many years and millions of dollars in developing valuable source code. Three employees abruptly left the company, leaving behind a mole. Six months after leaving, the departing employees started a competing business. Quantlab suspected the former employees took the proprietary code with them to the new company.
Pathway Forensics was hired to preserve and analyze devices retrieved from multiple sources, including the former employees’ new company and their personal items. Our experts examined more than 125 pieces of evidence, and our analysis proved Quantlab’s suspicions were merited. We found evidence the former employees and the mole not only took their employer’s source code, but also took intentional steps to cover their tracks, thus spoliating evidence in an attempt to avoid justice. We provided evidence and expert witness testimony in the evidentiary hearing that led to death penalty sanctions being imposed.
After documenting our findings in more than 300 pages of expert reports, declarations, and affidavits, plus offering expert witness testimony over two days in a federal court trial, Quantlab received a favorable verdict and was awarded more than $40M.
Expert witness testimony
Case Studies – Additional Consulting Services
Chemical Company Outsources Ops Improvements
Utilizing external experts to optimize internal skillsets and processes
A global chemical company wanted to make improvements within their IT Security and Forensics department, specifically focusing on processes and procedures along with staff training. They decided hiring an outside expert would yield the best results.
Pathway Forensics was contracted to assist with forensic toolset selection and procurement, hardware recommendations, forensic lab processes and procedures, internal process development for new internal legal cases, documented workflows with training guides, and forensic training of the company’s full-time staff. During the process, Pathway also assisted with an internal investigation, collecting data from six custodians from one of the company’s locations in China and performing a routine, high-level investigation. When reviewing the data loss prevention logs, we discovered many alarming log entries that indicated data exfiltration of confidential, business-critical documents.
The internal team not only has the right tools, resources, and workflows in place, but by observing Pathway’s investigative process, they now have a better understanding of the types of red flags to look for in future investigations. Additionally, they consult Pathway regularly whenever questions arise, getting an immediate answer and continuing to expand their own expertise.