Minor Alert Uncovers a Major Threat: Persistent Trojan Lurking on External Hard Drive
At-Bay Stance MDR team identifies and remediates in just 20 minutes
The Client
- Industry: Construction
- Revenue: $25M – $100M
- Size: 101 – 500 Employees
- Attack Type: Trojan bundled with pirated software stored on an external hard drive
The Situation
CrowdStrike Falcon, the EDR platform deployed by At-Bay’s Managed Detection and Response (MDR) team, automatically detected, blocked, and quarantined a Trojan on a client’s device. The EDR rated the detection as a “Low Severity” threat, but At-Bay’s MDR team investigated further and traced the Trojan to pirated software stored on an external hard drive. Every time the drive was plugged into a user’s computer, the pirated software could reinstall the Trojan on the endpoint, giving threat actors a recurring opportunity to gain a foothold and deploy ransomware or steal data. The EDR quarantined the Trojan on each reappearance, but quarantine only treated the symptom: as long as the infected drive stayed in circulation, the same alert would keep recurring. Resolving the underlying problem required a human analyst to recognize the pattern and address its source.
Remediation Process
Within 20 minutes, At-Bay’s security analyst conducted a detailed investigation and identified the root cause of the recurring detections: the compromised software on the external hard drive. The analyst also identified the hard drive’s exact make, model, and serial number, so the client could quickly locate the physical device and properly sanitize it.
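The case study does not say how the analyst tied the repeated quarantines to one specific drive. The Python below is an added example, not At-Bay’s or CrowdStrike’s code, showing one way a detection engineer can do that from event data: pair each EDR quarantine with the most recent removable-drive mount on the same host and drive letter, then count detections per device serial. A device implicated in several detections is the persistent source, and its vendor, product, and serial are what the client needs to find and wipe it. All records are constructed for illustration and use a deliberately simplified schema, not Falcon’s or Windows’ real event formats.

```python
"""Attribute recurring EDR detections to a removable drive (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed removable-drive mount events: the kind of information Windows
# keeps for USB mass-storage devices, flattened into dicts for this example.
MOUNT_EVENTS = [
    {"ts": "2024-03-04T08:02:10", "host": "WS-ACCT-07", "drive": "E:",
     "vendor": "WD", "product": "My Passport 25E1", "serial": "WX21A0000001"},
    {"ts": "2024-03-05T09:14:55", "host": "WS-ACCT-07", "drive": "E:",
     "vendor": "WD", "product": "My Passport 25E1", "serial": "WX21A0000001"},
    {"ts": "2024-03-05T13:40:02", "host": "WS-ACCT-07", "drive": "F:",
     "vendor": "SanDisk", "product": "Cruzer Blade", "serial": "4C53000123"},
    {"ts": "2024-03-06T08:30:41", "host": "WS-ACCT-07", "drive": "E:",
     "vendor": "WD", "product": "My Passport 25E1", "serial": "WX21A0000001"},
]

# Constructed EDR quarantine events; each carries the path of the blocked file.
DETECTIONS = [
    {"ts": "2024-03-04T08:02:31", "host": "WS-ACCT-07", "severity": "Low",
     "path": r"E:\setup\crack\keygen.exe"},
    {"ts": "2024-03-05T09:15:20", "host": "WS-ACCT-07", "severity": "Low",
     "path": r"E:\setup\crack\keygen.exe"},
    {"ts": "2024-03-06T08:31:03", "host": "WS-ACCT-07", "severity": "Low",
     "path": r"E:\setup\crack\keygen.exe"},
    # A one-off detection on the fixed disk; it must not be attributed to any drive.
    {"ts": "2024-03-06T10:00:00", "host": "WS-ACCT-07", "severity": "Low",
     "path": r"C:\Users\jdoe\Downloads\installer.exe"},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def drive_of(path):
    """Return the drive-letter prefix ('E:') of a Windows path, or None."""
    if len(path) >= 2 and path[1] == ":" and path[0].isalpha():
        return path[0].upper() + ":"
    return None


def attribute_detections(detections, mounts):
    """Pair each detection with the most recent mount of the same drive letter
    on the same host that precedes it (a later mount would reassign the letter).
    Detections with no such mount, e.g. on a fixed disk, are paired with None."""
    mounts_sorted = sorted(mounts, key=lambda m: _parse(m["ts"]))
    pairs = []
    for det in detections:
        letter = drive_of(det["path"])
        det_ts = _parse(det["ts"])
        match = None
        for mnt in mounts_sorted:
            if _parse(mnt["ts"]) > det_ts:
                break                      # everything after this is too late
            if mnt["host"] == det["host"] and mnt["drive"] == letter:
                match = mnt                # keep overwriting: last mount wins
        pairs.append((det, match))
    return pairs


def recurring_sources(pairs, min_hits=2):
    """Summarise devices implicated in at least min_hits detections, keyed by
    serial number so the physical drive can be located and wiped."""
    hits = defaultdict(lambda: {"vendor": None, "product": None,
                                "count": 0, "paths": set()})
    for det, mnt in pairs:
        if mnt is None:
            continue
        rec = hits[mnt["serial"]]
        rec["vendor"], rec["product"] = mnt["vendor"], mnt["product"]
        rec["count"] += 1
        rec["paths"].add(det["path"])
    return {serial: rec for serial, rec in hits.items() if rec["count"] >= min_hits}


if __name__ == "__main__":
    for serial, rec in recurring_sources(attribute_detections(DETECTIONS, MOUNT_EVENTS)).items():
        print(f"{rec['vendor']} {rec['product']} S/N {serial}: "
              f"{rec['count']} detections, files {sorted(rec['paths'])}")
```

Run on the constructed data, the three "Low Severity" quarantines resolve to a single serial, while the detection on C: stays unattributed. The design choice that matters is keying on the serial rather than the drive letter: letters are reassigned between sessions, so the letter alone would not tell the client which of several drives to wipe.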
Although the Trojan was categorized as a “Low Severity” threat, At-Bay’s security analyst called the client to explain the situation and advised them to wipe the external drive to eliminate the threat. The analyst also recommended avoiding pirated software in the future, as it can pose a significant security risk — as it had in this case.
The Result
An investigation of a minor alert exposed a more persistent threat and an opportunity for the client to improve their security and IT practices. By combining expert knowledge with leading technology, At-Bay Stance MDR was able to reduce the company’s cyber risk in less than 20 minutes, with minimal business interruption*.
It took less than 20 minutes for At-Bay MDR to contain and remediate the threat.
At-Bay Stance Managed Detection and Response
At-Bay Stance MDR protects your organization against modern threats like ransomware, financial fraud, phishing, and identity-based attacks with comprehensive endpoint, cloud, email, and identity security solutions.
At-Bay’s MDR experts help businesses stay secure and reduce cyber risk at a fraction of the cost and hassle of hiring an in-house team. It provides a layer of protection many businesses typically can’t afford, securing endpoints, email, identity, and cloud, at an accessible price.
*Response timelines differ. Past results do not guarantee future outcomes. This content is provided for information purposes only and is not intended to define any Policy commitment. No warranty is given or liability accepted regarding this information.
At-Bay Stance MDR is provided by At-Bay Security, LLC (“At-Bay Security”), and available to eligible businesses with or without an insurance policy placed through At-Bay Insurance Services, LLC. At-Bay Security, LLC is a wholly owned subsidiary of At-Bay, Inc., providing cybersecurity services including MDR and incident response. At-Bay Security, LLC does not provide insurance services.