Case Studies

Identifying and Disrupting Platform Abuse in the Gig-Economy

By Nisos on Nov 17, 2020 4:43:14 PM

The Challenge

A technology company noticed a disturbing increase in malicious activity across their platform. Unknown individuals were selling bots that claimed to automate interactions with their platform and provide those that purchased the app an advantage over other users. This use of the app was a clear violation of the client’s Terms of Service. In other words, the bots would “game the system” to the financial disadvantage of normal conforming users, leading to frustration and anger directed at the client. To make matters worse, the bots mirrored the legitimate client application, presenting additional security threats.

The client enlisted Nisos with three primary objectives:
  1. Determine how the bots were able to subvert client controls and take advantage of the platform.
  2. Provide recommendations on how the client could improve their security posture and counter the illegitimate activity of the bots. 
  3. Identify the actors making the bots, enabling the client to properly attribute the crime and take legal action.


Why Nisos

Nisos’ ability to help the client was rooted in our ability to deliver high-quality technical application analysis combined with open source research and attribution.

Preparation

The Client started by providing Nisos with a detailed history of bots that they had previously uncovered. They requested Nisos identify additional bots that may be present and undiscovered. In order to accomplish this task, Nisos did not need to access the Client’s network or sensitive data.

Execution

Nisos acquired the bot of most concern to the client through a common App store. We confirmed that it operated as claimed and provided an analysis of how the bot functioned at the code level. We also determined that several methods could be used to create a functional bot targeting the client’s platform, and we provided recommendations to the client to remediate this risk.

Our assessment concluded that the creator of the bot took the official client application, acquired the binary from a device, and altered it with their own additional code. This additional code pulled the necessary information from the client and automated user responses.


Attribution

Nisos found that previous application bot domains were associated with truncated email addresses. In one case, Google cache inspection of application .vip revealed a Telegram account associated with a partially named online persona. We acquired a license for the application and extracted the Intelligent Process Automation (IPA). We then identified that the back end server for downloading the app bot was associated with an IP address that served as a Virtual Private Server (VPS). The infrastructure was hosted in a Japanese hosting facility.

In another case, we were able to track back “old” versions of the application bots that revealed selectors. Using these selectors and cross referencing them in Nisos proprietary credential databases and other external telemetry, we attributed them to named individuals. We also determined that these selectors were being used for additional, identifiable fraudulent activity.


External Hygiene Assessment Delivers Valuable Insight Prior to Company Acquisition

By Nisos on Nov 13, 2020 4:34:39 PM

The Challenge

Nisos was contracted to conduct cybersecurity diligence and an assessment of external network hygiene for a cybersecurity company’s acquisition target.

Why Nisos

Although the client, a cybersecurity company, leverages many of the same services as Nisos, they understood that Nisos’ analytical rigor and access to external data collection would allow them to gain greater insight and optimize the evaluation of their acquisition target. Utilizing publicly available information, third party datasets, and partner relationships, Nisos was able to discover and assess the target of acquisition’s cyber assets and provide the client with a comprehensive understanding of areas of concern and indicators of compromise.

Preparation

Nisos began the investigation knowing eight registered domain names of the acquisition target. Nisos had no existing insight into the company’s overall cyber posture. The investigation revealed extensive information about the acquisition’s cyber-security maturity and the breadth of their cyber assets.

Execution

Nisos identified several ties to entities that were not publicly affiliated with the acquisition target. The investigation, conducted on the public internet, uncovered IP addresses directly associated with the target’s office. This led to the identification of specific infrastructure which would likely be targeted by an advanced attacker. Nisos also identified a server providing remote access to the target’s office network and users of a Docker instance created by the target, one of which was running default credentials. Although the instance did not appear to belong to the target, an attacker could leverage it to gain control over a customer. It could also be used as an access vector in a breach of someone using the target’s software. A compromise of this sort could negatively impact the target’s brand reputation and ability to generate new clients. The investigation ultimately determined that the organization's cyber-security maturity was high, which is uncommon for organizations of similar size, but consistent with the target’s cybersecurity background.

Impact

Based on Nisos findings and recommendations, the acquiring company immediately and transparently began remediation. Recommended remediation actions included removing public permissions, enforcing two factor authentication for console access, and limiting access to Kubernetes ingress controller only via whitelisting IP addresses. Throughout the process, Nisos shared best practices and additional guidance with the client and the acquisition target.


Mitigating Advanced Threat Actors: Gaining Access to Closed Groups to Gain Insight into Vulnerability Disclosure and Further Litigation

By Nisos on Oct 1, 2020 7:20:58 AM

The Challenge

A retail client requested our assistance to identify an individual, who was also a paying customer, who wrote a python script that scraped a backend server. The customer had also previously published a WiFi vulnerability present at the company’s offices in the US. The client was aware of closed forums where this customer and other potential threat actors exchanged ideas about denigrating the client’s reputation, and asked Nisos to help understand the nature of the threat.


Mitigating Advanced Threat Actors: Acquiring and Analyzing Malicious Tools to Stop Fraud

By Nisos on Oct 1, 2020 7:13:36 AM

The Challenge

Malicious foreign actors were creating automated tools to abuse an e-commerce client’s platform. Using that automated process the threat actors were able to mass create and bulk manage accounts, run advertisements, and use credit cards. With those credit cards, they were able to make purchases through the client’s site, and the client’s customers and third party service providers.


Case Study: Preventing Corporate Sabotage by a High-Level Executive

By Nisos on Jun 22, 2020 11:39:36 AM

The CEO of a multinational manufacturer (Client) identified an urgent need to remove a key executive, along with several accomplices, from the operations of the company, based on concerns that these insiders were intent on sabotaging the company. Given the known IT expertise and access of the executive and his associates, the Client needed to prevent these persons of interest (POI) from stealing sensitive data or disrupting the network prior to being fired. The Client also intended to pursue legal action against the POI and needed digital evidence preserved.


Case Study: Data Driven Executive Protection

By Nisos on Apr 27, 2020 9:41:53 AM

Nisos was tasked to acquire additional information on a threat actor making violent threats against a big tech company's executive leadership.


Case Study: Malicious Insider Leaking Information to the Unauthorized Third Parties

By Nisos on Apr 26, 2020 9:07:19 PM

A technology company’s proprietary information was leaked to unauthorized third parties presumably from an identified disgruntled employee. The Client required assistance in determining with certainty whether such actions could be directly attributed to a specific employee within its organization and whether mitigation controls could be put in place to prevent further leaks.


Case Study: Using Data for Market Entry of Product and Services Based on Security Incidents

By Nisos on Apr 26, 2020 9:04:45 PM

A global consumer service provider was exploring different foreign cities to launch their new service, using security and safety as a critical metric.


Case Study: Preventing the Exfiltration of PII from a Malicious Administrator

By Nisos on Apr 26, 2020 9:01:57 PM

A major pharmaceutical company made the decision to terminate an administrator and was concerned about the malicious exfiltration of personally identifiable information (PII) before his termination.


Case Study: Investigating a Destructive Administrator Following Merger and Acquisition

By Nisos on Apr 26, 2020 8:58:03 PM

A global manufacturing company experienced a corporate-wide outage due to being locked out of their router devices between corporate headquarters and their branch offices across the globe. After internal investigation and significant downtime resulting in major losses in revenue, it was suspected this outage was likely caused by malicious insider activity involving a recent acquisition.
