Need cloud computing? Get started now

Large Financial Services Provider at Risk After Ransomware Attack

Large Bank Secures Remote Access with Akamai Guardicore Segmentation

The Challenge
 

Increased remote access

COVID-19 led to increased remote access needs at this financial services provider, and much of the bank’s IT staff transitioned to working from home on company-managed devices. As users began to access the data and applications they needed for their roles via something other than the secure corporate network, the organization’s attack surface rapidly grew.
 

Successful ransomware incident

Shortly after transitioning to a work-from-home model, a successful ransomware attack hit a critical Oracle Cloud database at the bank, which they would later discover originated from a VDI environment. The security and IT teams knew they needed to take swift action to limit the loss of sensitive financial data. Additionally, they understood if they could not determine and secure the original attack vector, there was a real risk of the ransomware spreading laterally to both the backup servers and the organization’s production environment. If this happened, the bank was sure to be impacted by significant data and financial losses.
                                                                       

The Solution

Akamai Guardicore Segmentation was already in wide use in other areas of the bank. Before the ransomware attack, the platform was responsible for managing and enforcing the segmentation policies of more than 23,000 servers with workloads spanning on-premises, virtual, bare metal, and VDI infrastructure, as well as Azure and OpenShift container environments.

As a software-based segmentation solution, Akamai Guardicore Segmentation had been used by the bank previously to realize several security and compliance initiatives, including managing administrator jumpbox access and SWIFT application segmentation. Knowing the platform’s track record of providing excellent visibility and rapid time to policy, the response team quickly moved to leverage Guardicore’s features and tackle the breach.

 


The visibility provided by Guardicore Centra was like a bright beam of light that pushed back the darkness!

Head of Infrastructure Security at Large Bank

The Results                                                                 

Process-level visibility

Using the platform, the bank’s response team investigated historical communication flows. They traced the ransomware’s initial introduction to a database administrator’s remote VDI connection communication with an Oracle Cloud Database.   
                                                       

Rapid time to policy

After identifying the attack vector, the team fast-tracked VDI segmentation, making it a top priority. The policy planning process began on a Saturday, using Guardicore’s visibility features to scope out potential policy needs. By the following Tuesday, the bank had enforceable policies in place for the more than 3,000 VDI connections to Oracle Cloud.
                                                                       

Ransomware recovery

The team deployed Guardicore agents on the backup application and configured application ringfencing, defining down to the process-level what could communicate with the asset. It was then deployed in the breached area, blocking ransomware from propagating further using global deny rules.

To reduce additional risk from remote worker access, policies were also set for the two VDI solutions used by call center employees, further preventing unauthorized lateral movement between endpoints at the bank.

Achieving segmentation policy enforcement in only three days allowed the financial services organization to drastically reduce the ransomware incident’s impact and greatly improve remote access security moving forward.


Related Customer Stories

Security

City of San Juan

The City of San Juan improves and simplifies protection against malware, ransomware, and data exfiltration with cloud-based DNS firewall from Akamai.
Read more
Security

Texas School District

Large school district in Texas deploys microsegmentation from Akamai to protect east-west traffic
Read more
Security

ANA

ANA, the largest Japanese airline, deployed numerous Akamai solutions to ensure the performance, availability, and security of its digital presence.
Read more