You’ve been hacked. Your systems are not working and you are not sure what has happened.
We analyse every detail to figure out what happened, why it happened and what response is needed.
Our findings are documented and walked through with you so that you can understand the root cause of the incident and what steps you need to take, both immediately and as preventative action against any similar future attacks.
Once we have been engaged to investigate an incident or breach, we interview the people involved to understand where we should focus first, so that we can provide rapid advice on containing any potential impacts or ongoing threat.
These interviews also inform the next steps we take in the investigation. This may involve gaining access to systems, logs, computers, devices, networks and backups. We review the available digital evidence to construct a storyline of who, where, when and what has happened.
From this storyline, we can provide further advice on immediate rectification actions to be taken, and a report that outlines recommended measures to improve cyber security defences and protect against similar future attacks.
Our client engaged us two months after their MSP (IT provider) had commenced investigating an incident. They were under the impression that the issue had started two months ago, but that because the MSP had identified the issue early, the cyber attacker had not had sufficient time to perform malicious activities, including stealing data. Our investigations determined that the breach had actually occurred eight months earlier, and we provided a detailed listing of the malicious activities performed by the hackers over that eight-month period.
Another client engaged us after their website had been hacked, believing that it had been compromised by crypto mining software with no data accessed or stolen. The client wanted reassurance that this was the case and that there was no data breach. Our investigations found that the server had in fact been hacked thousands of times over the past month, and personally identifiable customer data had been stolen from their database.