Williams Racing, a Formula 1 race team, employs over 650 people who contribute to the team’s performance. This includes engineers who analyze real-time data from video analytics of their own and competitors’ cars, weather data, and over 300 sensors on the car to inform pit crews on health and performance. Cybersecurity is critical to Williams’ success on and off the track. To race competitively, their engineers need unencumbered access to the real-time data from the track and ensure that the data is not tampered with. To compete in their commercial markets, they need to protect their intellectual property from external attacks and insider threats. The COVID-19 pandemic has further complicated this task, with over 60% of Williams’ employees working remotely from unsecure home networks or remote Wi-Fi networks with unknown configuration.

The enterprise security threat landscape is more complex than ever, with new risks and attack methods emerging faster than we can keep up with them. One established attack vector that shows no signs of slowing down is phishing. As phishing attacks have become more sophisticated, they're increasingly focused on exploiting a key, but often overlooked, vulnerability: the users inside of your network. It is user behavior - the opening, the clicking, the downloading - that serves as the enabler, allowing malicious actors to gain entry to your network and find the valuable personal or company information they're seeking. Recently, a slew of invoice-themed malicious phishing emails was found to have penetrated a customer network - past a tried-and-true network defense system and straight into employee inboxes. A proxy service eventually detected and flagged that users had visited malicious URLs, but there was limited visibility into where and how the attackers entered the network, the number of users affected, and the extent of the potential damage.

A large financial services company with over 10,000 employees was the target of a java backdoor attack aimed at a senior executive. Despite having several antivirus, endpoint detection and response (EDR), and email security tools in place, the attack managed to bypass these defenses and land on the executive's computer. The malware used common administrative commands, which did not trigger alerts from the other security solutions. Without the visibility provided by DTEX, the attack would have gone undetected, potentially leading to data theft, sabotage, lateral movement within the organization, or worse. The malware was delivered via a phishing email that appeared to be shipping-related, which the executive was expecting. The email contained a malicious link that pointed to a compromised Turkish website that downloaded the malware. The malware then hid itself by creating a new temporary folder on the desktop and moving all associated files to this location. It also created a new path in the registry directory, setting up a persistent foothold on the machine, and took several actions to enumerate the environment.

A large financial services company with over 10,000 employees was the victim of a java backdoor attack that targeted a senior member of the company. Despite having several AV, EDR, and email security tools deployed, the attack managed to slip through and land on the computer of a high-ranking employee. The malware utilized commonplace admin commands, which other solutions did not alert on. Without Dtex's visibility and alerting, the attack would have gone undetected, potentially leading to data theft, sabotage, lateral movement within the organization, or worse.