24x7 Incident Response
Activate experienced, local cyber incident response specialists to investigate and eradicate cyber threats.
Kroll Cyber Risk experts respond to over 3,000 cybersecurity events every year. We manage incidents of all types, complexity and severity for a wide range of organisations and industries in Singapore, Hong Kong, across Asia and worldwide. Companies from all over the world rely on our unique frontline experience, not only in response to a crisis, but also for proactive planning and mitigation strategies. Kroll’s Cyber Risk team has been recognised as a top service provider, preferred by major cyber insurers. We also offer client-friendly response retainers for peace of mind.
Quick and Efficient Deployment via Onsite and Remote Incident Response Capabilities
Whether it is an accidental data exposure or a malicious cyberattack, Kroll’s Cyber Risk team can respond immediately. Our global network of certified security and digital forensic experts can deploy remote solutions or be onsite within hours to help clients contain the situation and determine next steps.
Kroll is a world leader in cybersecurity, digital forensics and data breach response services. We offer end-to-end assistance to allow clients to make informed decisions at every stage, from proactive preparation to customer notification and remediation. We work alongside our clients’ counsel and insurance carriers to smoothly guide them toward recovery. Our goal is to leave organisations in the best defensible position, with their reputations intact and minimal disruption to their everyday operations.
Common Threats Addressed by Our Incident Response Team
- Business Email Compromise and Wire Fraud
- Insider Threats and Accidental Data Loss
- Advanced Persistent Threats (APT)
- Third Party and Vendor-Related Risks
- Malware, Keyloggers, and Backdoors
- Cryptocurrency Theft
- Ransomware
- Targeted Intellectual Property Theft
- Payment Card Fraud (PCI/PFI)
- Web Application Attacks and Password Theft
Kroll Offers a Range of Cyber Incident Response Services to Meet Any Need
- Incident Response Preparation and Prevention: Employing a wide range of assessments, tabletop exercises and updated intelligence, we help clients enhance their ability to respond to any cyber incident.
- Intelligent Endpoint Detection and Response: Using a powerful combination of technology and expertise, this sophisticated solution helps our clients detect and respond quickly to credible threats.
- CyberDetectER® DarkWeb Search and Monitoring: With our proprietary technology and unmatched data stores, Kroll can continuously monitor the deep and dark web to help clients identify and respond to any data exposures.
- Data Collection and Preservation: For organisations undergoing an investigation or litigation, Kroll uses cost-effective and forensically sound methods and practices to identify, isolate and preserve electronic data.
- Data Recovery and Forensic Analysis: Our investigators are among the most knowledgeable data security experts in the world. Whether data has been intentionally deleted or manipulated, they can analyse the clues left behind to quickly uncover and secure critical information.
- For example, see Managing Director Devon Ackerman’s presentation on analysing business email compromise and insider threat cases, based on the collection of two years of forensics and incident response data in Microsoft’s Office 365 and Azure environments.
- Malware and Advanced Persistent Threat Analysis and Remediation: Kroll’s forensic examiners analyse malware to determine the breadth and scope of its impact on any organisation’s systems.
- PHI and PII Identification: Our team provides clients with a master notification list that clearly identifies what types of PHI and PII have been exposed. This helps organisations avoid costly over-notification while still providing targeted notification and remediation services to those affected.
- Data Breach Notification and Remediation Services: In the event of a data breach, Kroll helps clients to protect their reputations and maintain trust with impacted customers by providing an appropriate and proportional response.
- Incident Remediation and Recovery Services: Expedite system recovery and minimise business disruption, with services including device and server reimaging, active directory rebuilding, network segmentation, hardware upgrades or replacements, patch management and network hardening.
- Strategic Communications: Kroll offers a full suite of strategic communications support for incident response, preparedness, and training to help clients navigate all the risk and reputational landmines caused by a cyber crisis.
- Malware Analysis and Reverse Engineering: Our in-depth technical analysis of both benign and malicious code helps organisations better understand any code-related incident.
Benefit From Client-friendly Incident Response Retainers
- Offered for both proactive and reactive services
- No loss of money at the end of contract term
- No required use of Kroll’s proprietary tools or applications
- Clear terms with no automatic renewals or price accelerations
- Includes Kroll’s core data response capabilities (e.g., Notification, Call Center, Monitoring and Consumer Restoration)
- Key relationships with some of the largest cyber insurance underwriters in the world
Kroll in Action
Gmail Phishing and Ransomware Distribution
Location: Singapore office of a software development company
Brief: A software development company engaged Kroll to investigate one of their computers, which the IT department suspected to be infected by malware. The investigation scope was to check for
- the presence of malware
- the existence of any keylogger/remote control client software
- links or evidence of external cloud storage use
- compromise of MS Outlook
- any other evidence of possible external attack
How Kroll Resolved The Problem
Procedure
To preserve the evidence, the laptop was brought back to the lab for analysis and forensically imaged. To begin, we checked if there was live malware activity or unauthorised software on the computer. After forensically imaging the disk and memory, we checked for any trace of malware activities in .exes, DLLs and running processes and inspected the emails and other artefacts.
Virtualisation and network traffic monitoring were also used. Results showed that no “live” malware was running on the system.
We then extracted and inspected emails and internet artefacts such as cloud storage activities, as the client had highlighted these to us as showing evidence of “hacking” activity. Again no “live” malware existed on the system, but malware was detected in an email attachment.
With further examination, we found that the email was a phishing attempt containing Zeus malware not created by the user of the computer. Further examination showed that the email malware was set up to download ransomware onto the victim’s computer.
Outcome
On further examination of the malicious email, we found that it contained two phone numbers in the personal email signature of the user of the computer. Prior to the malicious email being sent, our client also received a “signed-in notification” from Google, which alerted our client that the account had been signed in to from another country. These characteristics were identified as similar to a recent series of complex Gmail phishing activities occurring worldwide.
As in similar cases, the client had received a Gmail phishing email, clicked on it and then entered their username and password as requested. This phishing activity provided the hackers with access to the client’s Gmail account. The perpetrators then read emails and targeted several email recipients with specific emails claiming to be invoices in attachments. These attachments contained a type of malware (Zeus) which downloaded further ransomware, in turn encrypting the recipient’s computer.
Kroll was ultimately able to demonstrate that the client had been a victim of this Gmail phishing attack and that their account was being used to stage attacks and send ransomware to further clients.
Fortify Your Response Capabilities
Cyber threats are becoming exponentially more common and sophisticated. Our incident response and digital forensics team’s frontline experience can provide companies with a multifaceted and confident response anywhere, anytime.
Talk to a Cyber Expert
Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page.
Stay Ahead with Kroll
Incident Response Plan Development
Today, you learn your company is experiencing a serious cyber incident. It could be a ransomware attack, a hacked O365 email account, the theft of PII or PHI, or data exposure from misconfigured network settings. What is the first step you should take?
Incident Response Tabletop Exercises
Kroll’s field-proven incident response tabletop exercises provide a customised test of every aspect of an organisation’s cyber response plan.
Optimised Third-Party Cyber Risk Management Programmes
Manage risk, not spreadsheets. Identify and address cyber threats in third-party relationships to ensure compliance with regulations such as NYDFS, FARS, GDPR, etc.
Third Party Cyber Audits and Reviews
Kroll’s cyber audits and reviews ensure third parties handle sensitive data according to regulatory guidelines and industry standards.
FAST Attack Simulation
Safely perform attacks on your production environment to test your security technology and processes.
Cyber Governance and Risk
Manage cyber risk and data security governance with Kroll’s defensible cybersecurity strategy framework.