Oil and Gas Business Email Compromise

Business email compromise (BEC) with a service provider in the oil and gas industry.

Background

A well-established organization in the oil and gas industry approached our firm with the suspicion that their business email tenant had been hacked. They sought to understand how the threat actor was able to gain entry and how they could implement better security controls. Recognizing the need for guidance and assistance, they turned to Muuntower to begin an investigation and plan how they could build a security roadmap for prevention and hardening.

Industry:
Oil and Gas
Location:
United States

Solutions:

  • Assessment: Muuntower conducted a security assessment and thorough analysis of our partner's business email tenant to properly identify anomalous activity occurring on behalf of the president's email.
  • MRCE Consulting: Leveraging our expertise in consulting and integrating with third parties, we discussed the issues and likely causes with the company's IT service provider. This allowed us to understand how our partner's inbox was being managed and what security features were currently in use.
  • Incident Response: Muuntower quickly determined that our client's inbox was actively compromised via the third-party IT service provider. After hardening and configuring our partner's email tenant, the anomalous activity persisted, causing further escalation within our incident response measures.
  • Policy Assessment: When moving to the incident response phase of the engagement, we uncovered a severe lack of policies and procedures detailing incident response protocols and responsibilities.
  • Continuous Monitoring: Once we found the root cause and delivered actionable next steps, we didn't simply walk away. The long-term security and success of our clients is what matters most to us. Muuntower maintained open channels of communication and support for 90 days following the closeout of our project to ensure remediations remained effective.

Results

  • Our partner discovered serious deficiencies in their security controls, third-party due diligence process and incident response procedures.
  • Security Awareness Training was taken seriously and leadership organized company-wide education for all staff.
  • Our consultants recommended a new IT service provider with a strong reputation in cybersecurity.
  • No money was erroneously sent to the threat actor's account, which was the attacker's goal.