Case Study

Cybersecurity Audit Identified Malicious Files

Services Provided: Technology and Cybersecurity Due Diligence
Industries Served: Building Products

The Challenge

A private equity firm required assistance in securing cybersecurity insurance for one of its portfolio companies, pending a successful vulnerability scan of the client’s environment. TriVista was retained to provide pre-close cybersecurity remediation and continued post-close cybersecurity enhancements, along with infrastructure/application consolidation.

Our Approach

The project was completed in 3 phases:

  • Phase 1: Obtain access to customer environment
    • Supported the cybersecurity vendor in gaining access to the client’s environment
    • Worked with partnering managed service providers to assist in granting access
  • Phase 2: Complete cybersecurity scan agent installation and vulnerability scan
    • Installed Cybereason EDR scanning agents on all servers and client computers with the assistance of partnering managed service providers
    • Initiated a vulnerability scan to identify compromising security threats
  • Phase 3: Deliver cybersecurity final report and remediation steps
    • Cybersecurity firm evaluated client’s environment utilizing Cybereason EDR

The Results

TriVista identified the following:

  • 50+ assets were assessed in the customer environment
  • 3 malicious or potentially malicious files were detected and quarantined by Cybereason EDR, and 1 potentially unwanted program was identified
  • Of the identified malicious files, one was determined to be a roughly 3-year-old malicious document tied to the Emotet malware family
    • Emotet is typically delivered using targeted spear-phishing attacks, indicating that the company may have been targeted by a sophisticated threat actor in the past
    • No indicators of a successful attack or execution of this malware were found
  • The primary factor influencing this rating is the presence of evidence indicating prior targeting by a sophisticated threat actor
  • All high and moderate risks were identified, and actions were taken to remove malicious applications and quarantine malicious files
  • Applications that required patching were noted and remediated by partnering managed service providers

To find out how TriVista can help you achieve similar outcomes, contact us today.