CASE STUDY

Attributing E-Crime Syndicates Adds Critical Context

by | Apr 17, 2020 | Adversary Research, Case Study

The Challenge

Huddled around keyboards half a world away, a shadowy group of technically-savvy criminals devised techniques to hide from system administrators and run internet scams that defrauded a client out of hundreds of thousands of dollars in revenue every month.

Why Nisos

Nisos operators have spent years using advanced cyber and OSINT investigative techniques to map out the activities of similarly shadowy opponents. This gave us a deep understanding of the adversarial mindset, which combined with our command of cyber tools and proprietary datasets, made us the perfect partner for this client.

Preparation

Nisos researchers analyzed open-source reporting and utilized technical tools and niche datasets to provide assessments on the fraud ring and their operations. We did not need access to any internal Client metadata.

Execution

Starting with only a few data points, we uncovered a sophisticated network that was using software to “cloak” their activity from the client’s system administrators. Each piece of new data spun off further investigations and insights about the attackers. Soon we had identified the scam’s ring-leader, the personal information of multiple network members, and a series of other fraudulent schemes the group was running.

After we identified the main culprits in the network and the techniques they were using to mask their actions, we mapped the technical signatures of each of those actors as well as the websites and accounts they used. We attributed the true identities of the actors and provided our assessment of how these signatures could be used to alert the client of future activity by that network.

Impact

Our detailed report identifying the bad actors as well as their tactics, techniques and procedures provided the client with multiple options. The client was able to take legal action against the actors, remove them from their platform, harden their defenses against future attacks, and take action against other groups using similar techniques. All in all, work like this can save clients hundreds of thousands of dollars.

If your company has similar issues with e-crime actors, contact us for a free consultation.

About Nisos

Nisos is the Managed Intelligence™ company. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.

For additional information, contact info@nisos.com

Adversary Research
Discovering the methods, motives and identity of threat actors to disrupt attacks 
Reputation Defense
Technical guidance for countering disinformation and slanderous attacks 
Trust & Safety
Intelligence to secure business operations and defend against fraud, abuse and e-crime 
TPRM Exposure
Adversary-centric intelligence to address supplier, M&A and investment risks 
Outside Intel
Research for defending outside the firewall that leverages tier 3 intelligence programs 
Executive Shield
Assessment of threats to key personnel with attribution and PII takedown  
Adversary Insights℠ Retainer
Annual retainers for client-driven inquiries and rapid-response research 
Intelligence Team as a Service
Collaborative engagement providing robust intelligence and tier 3 cyber analysts  
Event-Driven Intel Investigations
Multidimensional security fact-finding that delivers insights into adversary behavior 
On Demand Threat Research
Proactive and preventative investigations that reveal threat actor context and risk correlations 
Investment Zero Touch Diligence℠
Project-based discovery to assess risk for investments, IPO, Mergers and Acquisitions 
TPRM Zero Touch Diligence℠
Subscription assessment of external network hygiene, key personnel, and non-traditional business risks