Contact

Resources

War Stories

 

Cyber threats come in many different shapes and sizes. The following stories come straight from our advanced Security Operations Centre, where our experts monitor, detect and stop all forms of cyber attack, 24 hours a day, 7 days a week.

  • A Fraudster’s Goldmine - Talion

    Legal

    A Fraudster’s Goldmine

    Read more Close
  • At Risk of Ransomware - Talion

    Healthcare

    At Risk of Ransomware

    Read more Close
  • Classified Information - Talion

    Defence

    Classified Information

    Read more Close
  • Control Without Permission - Talion

    Utilities

    Control Without Permission

    Read more Close
  • Cybersquatting - Talion

    Forestry

    Cybersquatting

    Read more Close
  • Double Agent - Talion

    Technology

    Double Agent

    Read more Close
  • Imitation Games - Talion

    Legal

    Imitation Games

    Read more Close
  • Protest Foiled - Talion

    Aviation

    Protest Foiled

    Read more Close

Serious Internal Misconfiguration

Poor internal processes can leave businesses seriously exposed to attackers. While conducting Open-Source Intelligence (OSINT) for a client in the legal sector, we found that confidential emails were being systematically uploaded to a malware repository. The emails included .wav recordings of conversations firstly between clients and the business, and secondly between the business and the bank.

The recordings exposed personal information, banking passwords, passphrases and financial information. We supported our client in removing all the files from the site before the information could be found and misused.

 
Outcome
Sensitive information secured.
Left/Right of breach
Right of Breach

Organised Criminal Gang

Part of our Open-Source Intelligence (OSINT) work is about monitoring the online footprints of our clients. When delivering a security report for a client in the healthcare sector, we highlighted how their corporate network was vulnerable to a ransomware propagation attack.

Potentially highly serious, this type of attack could have blocked their network indefinitely, demanding a sum of money for its release. In making the client aware of this vulnerability, they were able to update their network and tighten internal security.

 
Outcome
Vulnerabilities identified.
Left/Right of breach
Left of Breach

Serious Internal Misconfiguration

Internal mistakes can be just as damaging as external attacks. This was the case when we spotted a user connecting an unauthorised disk to the corporate network. The disk contained highly classified information and should only have been connected to an air-gapped network.

We informed the client, who seized the disk and opened an investigation, avoiding any serious reputational damage.

 
Outcome
Classified information protected. Reputational damage averted.
Left/Right of breach
Left of Breach

Serious Internal Misconfiguration

During routine monitoring, we found that our client’s industrial control system was highly insecure, potentially granting admin control and access without authentication to any third party. What’s more, passwords for all users were universally visible, potentially opening up further avenues for cyber attack.

We notified the client, who then liaised with their system provider, insisting that security measures were updated and best practices were implemented.

 
Outcome
Vulnerability identified. Potential attack avoided.
Left/Right of breach
Left of Breach

Criminal Threat Actor

Proactive security monitoring prevents major incidents before they happen. And this was the case when we spotted an unknown domain registration that appeared to be hijacking our client’s URL, a mode of attack also known as typosquatting. Further research told us the new registration didn’t match our client’s registrar or comply with their corporate process.

Within 24 hours of the unknown registration, the client was informed and the issue was resolved before the attackers could cause any damage to the client’s business.

 
Outcome
Intruder domain identified. Client notified.
Left/Right of breach
Left of Breach

Insider Threat

Security threats can come from all angles. When a technology client raised concerns regarding a particular employee, we added the user onto the enhanced monitoring list. We then observed the individual downloading 1904 files onto their personal OneDrive in a 30-minute timeframe.

We filed our report to the client, who dealt with the issue internally, avoiding a potentially damaging case of corporate espionage.

 
Outcome
Corporate espionage identified and prevented.
Left/Right of breach
Left of Breach

Criminal Threat Actor

Malware repositories are a valuable resource for hackers. While working for a client in the legal industry, we found that hackers had used malware to obtain a legitimate email chain between our client and a third party company. This gave the hackers access to names, job titles, project details and more.

Their next move was to create fake domains imitating both our client and the third party. From there, they sent emails between the two domains requesting payment details. We identified the threat before either company was duped into revealing financial information, preventing a significant loss of funds and damage to our client’s reputation.

 
Outcome
Threat identified. Financial damage prevented.
Left/Right of breach
Left of Breach

Activists

Social media monitoring is a key phase of our Open-Source Intelligence (OSINT) service. While gathering intelligence for a client in the aviation industry, we identified an activist group planning a physical protest via social media. The Metropolitan Police didn’t yet have this information.

Our regular intelligence updates enabled the client to monitor the situation and disrupt the protest by intervening accordingly, preventing any reputational damage.

 
Outcome
Threat exposed. Reputational damage averted.
Left/Right of breach
Left of Breach
Watch our demo
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
Talion
Watch our demo
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
Talion
24x7x365 UK-based Security Operations Centre
Talion
Service underpinned by market leading threat intelligence team
Talion
Continually developed threat relevant content, backed by SLAs
Talion
MDR service has featured in the Gartner Magic Quadrant for 6 consecutive years
Talion
Experts in SIEM and SOAR technology
Talion
UK-based Senior Leadership
Looking to maximise value and flexibility?
Learn how Talion and DEVO partner to achieve this.
Discuss your cyber security needs
Contact us below and one of our team will be in touch to answer your questions.

Call us on 0800 048 5775

Call us directly and we’ll put you in touch with the most relevant cyber expert.

Get In Touch With Us

Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.

CISO Cyber Dinner – Register Your Interest!

Thought-provoking cyber security discussion at Michelin-star restaurants across the UK.