• Industry: Retail
• Service Line: Digital Forensics, Web Security Assessment
• Geography: UAE

Faced with multiple phishing and malicious emails, a luxury lifestyle retailer based in the UAE partnered with VaporVM to mitigate and recover from the attacks, which placed its company information at grave risk. After initial forensics and security assessments, the client's Exchange server is now more secure and the client has avoided major revenue loss.

Business Challenges 

Many retailers use legacy IT systems with incoherent security policies, and this outdated IT infrastructure exposes them to advanced cyber threats. Retailers must therefore implement advanced detection of malicious activity in addition to preventative measures.

To better protect an omnichannel retail environment, they need more than a patchwork approach that introduces single points of vulnerability and failure, something a UAE-based luxury lifestyle retailer had not been able to prepare for.

The retailer was receiving phishing and malicious emails and noticed that the emails came from the official email addresses of company employees. The emails contained content shared only between internal users, which placed the company at grave risk and could have led to major revenue loss.

Client Requirements 

The client required the VaporVM security team to perform digital forensics on its servers to find the root cause of the incident. The client also required mitigations to help it recover from the attacks, together with evidence of the incident.

Solution 

The VaporVM security team performed initial forensics on the provided images and found issues with the Exchange server. The second phase involved running scans on the Exchange server using Nessus. These found exploitable vulnerabilities in the Exchange server, of which two were categorized as High and the other one as Medium. The team then performed a complete analysis of these vulnerabilities, ran the threat scan on the servers, validated the vulnerabilities on the live servers, and ran Microsoft Safety scans.

After the full examination and forensics, the security team identified the root cause of the incident as the ProxyShell vulnerability in the Exchange server.

Value Created

Through its partnership with VaporVM, the client's Exchange server is now more secure and the client has avoided major revenue loss, thus ensuring the confidentiality, integrity, and availability of the client's business information. Moreover, application performance has greatly improved, ensuring an enhanced customer experience.