Cases

Simulated cyber attack

For a large financial services provider based in Amsterdam, we secretly carry out a simulated cyber attack.

The question

The customer's general cyber security seems to be in order: security systems have been implemented and the incident response procedures are ready. The question for DeepBlue is whether that security really holds up during an actual attack.

Solution

In consultation with a small delegation from the management, DeepBlue secretly sets up and carries out a cyber attack. The exercise simulates a ransomware ("hostage software") attack and lasts a total of three days. During the three days, more and more systems are (fictitiously) switched off. We test in detail how the organization responds and whether the relevant procedures work as intended.

Result

As a result of this incident response exercise, a number of procedures are tightened up, so our customer is optimally prepared for any calamity.

Continuity assessment

For a globally active logistics company based at Maasvlakte Rotterdam, we carry out a very comprehensive continuity assessment.

The question

What exactly happens when one of the systems in the chain fails or goes down? What damage is caused, and what steps need to be taken to get everything back online as quickly as possible?

Solution

By testing and analyzing all systems, DeepBlue builds a very good picture of how the different systems depend on each other. We also determine a risk profile per system and analyze the impact and necessity of the different systems. All the findings eventually come together during a big test day, carried out together with staff in the workplace.

Result

Our customer now has extensive protocols and a manual for each system. The company also now always keeps specific hardware in stock at remote locations, which can be deployed immediately in case something fails.

Honeypot sensor platform

For our customer, active in the commodities trade, with multiple offices in Europe and operating globally, we carry out a security upgrade.

The question

This special customer is already at the forefront of cyber security. Within the company, a team assesses every day whether the cyber security can be improved. Despite all these efforts, the customer still sees a major residual risk in its large staff and its incoming traffic. Is there anything you can do about that?

Solution

Our Honeypot sensor platform offers a solution in this case. We start with an extensive 'Grey-Box' penetration test to establish a baseline and to make sure there are no serious leaks or 'back doors' present. We find a number of areas for improvement, which we address quickly. Then, within half a day, we roll out 25 virtual sensors across different locations and in various crucial VLANs.

Result

Because we have forwarded all alerting to the central SIEM, the customer now has our functionality readily available in their own dashboard, and our Honeypot platform will catch a significant amount of the residual risk.

Email fraud

For our client, active in the rental of large equipment in the Benelux, we carry out a cyber forensic investigation to trace the abuse of multiple email accounts.

The question

Invoices sent by the company have been altered without authorization, and a number of times amounts have been transferred to an incorrect, unknown account number. We want to know exactly what happened.

Solution

Following the official guidelines that DeepBlue always uses, we secure log files and other specific data from different systems, servers, and mobile devices. By analyzing and comparing this data, we build a very clear picture of exactly what happened.

Result

We enable the customer to identify the malicious behavior; our extensive report may eventually be included in support of a lawsuit.
