OTORIO Helps Global Paper Manufacturer Resume Operations Safely
A global pulp & paper manufacturer discovered internal phishing correspondence spreading in its network and reported it to OTORIO’s Incident Response team. OTORIO’s team helped identify and mitigate the phishing attack and later linked it to a larger campaign that has been targeting multiple companies around the world.
Background
The customer operates over 100 manufacturing sites around the world. The customer contacted OTORIO’s Incident Response team and reported that an internal user had sent a phishing email to almost 1,000 employees. OTORIO’s Incident Response team investigated the attack and concluded that there had been a previous, failed attempt to perform a phishing attack on the network and that the current, successful attack was part of a larger campaign that targeted different companies around the world, stealing employee credentials. OTORIO successfully removed all threats to the network; the company resumed operations and received a clear mitigation plan to improve its security posture moving forward.
Our Findings
OTORIO’s team concluded that there were several key areas that required improvement in order to ensure that such an attack would not be successful in the future. These areas include:
OTORIO's Role
OTORIO was tasked with:
Recommendations
The team provided various security control improvements that the customer can implement to ensure that its network is resilient to similar attacks in the future. Some of the suggestions included:
Moving Forward
OTORIO’s incident response assessment and reports gave the customer a clear picture of the steps the attacker took during the attack, with an emphasis on the security gaps that enabled that activity. OTORIO provided the company with a solid security posture plan so that it can take the first steps in improving OT security immediately.
Following the successful incident response, the customer requested that OTORIO extend its services and perform Penetration Testing to assess network resilience.