The organization is a service company operating in a large office building. Like many modern enterprises, it uses electronic banking on a daily basis to make payments, and employees connect to the company network via Wi-Fi.
SOURCES OF VULNERABILITY TO ATTACKS
The organization used a router with very old and outdated software.
The Wi-Fi network did not have adequate security measures in place, and the system did not log events or monitor who connected to the infrastructure and when.
The wireless network signal covered not only the office, but also the public common areas in the building, making it accessible to outsiders.
INCIDENT
Neglecting to update the router led to its compromise. Criminals gained unauthorized access to the company network, which became the starting point for a further attack.
Using this connection, the attackers logged into the company's electronic banking system and made a significant transfer to an unknown account.
WHY WAS THE ATTACK SUCCESSFUL?
No updates: Working with outdated router software opened the door to attackers.
No access control: The Wi-Fi network was open to anonymous connections.
No segmentation: Once inside the Wi-Fi network, the attacker had free access to other company resources.
No monitoring: No one was monitoring network traffic, so the unauthorized connection and suspicious activity went unnoticed until the funds disappeared from the account.
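Added example, not from the case study or from ADQ's own tooling: a minimal allowlist check over constructed Wi-Fi association and firewall log lines, showing the kind of record (which device joined, when, and what it then reached) that this organization did not have. The log format, MAC addresses, IP addresses and hostnames are all constructed assumptions.

```python
import re
from datetime import datetime, time

# Constructed sample log lines in a syslog-like format from a hypothetical
# access point and firewall; the format is an assumption, not a real vendor's.
SAMPLE_LOG = """\
2024-03-11T08:02:10 ap1 assoc mac=aa:bb:cc:00:00:01 ssid=OFFICE ip=10.0.5.21
2024-03-11T08:05:42 ap1 assoc mac=aa:bb:cc:00:00:02 ssid=OFFICE ip=10.0.5.22
2024-03-11T21:47:03 ap2 assoc mac=de:ad:be:ef:12:34 ssid=OFFICE ip=10.0.5.77
2024-03-11T21:49:15 fw  conn src=10.0.5.77 dst=10.0.1.10 dport=443 app=banking
"""

# Device inventory (constructed): MAC addresses the organization knows about.
KNOWN_DEVICES = {"aa:bb:cc:00:00:01": "laptop-finance-01",
                 "aa:bb:cc:00:00:02": "laptop-hr-03"}
BUSINESS_HOURS = (time(7, 0), time(19, 0))

LINE_RE = re.compile(r"^(\S+) (\S+)\s+(\S+) (.*)$")

def parse_line(line):
    """Split '<ts> <host> <event> k=v k=v ...' into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, event, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.fromisoformat(ts), "host": host, "event": event, **fields}

def analyse(log_text, known=KNOWN_DEVICES):
    """Return (timestamp, severity, message) alerts: unknown devices joining the
    Wi-Fi, known devices joining out of hours, and unknown devices reaching hosts."""
    alerts, ip_to_mac, unknown_ips = [], {}, set()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["event"] == "assoc":
            mac = rec["mac"]
            ip_to_mac[rec["ip"]] = mac
            if mac not in known:
                unknown_ips.add(rec["ip"])
                alerts.append((rec["ts"], "HIGH", f"unknown device {mac} joined {rec['ssid']} as {rec['ip']}"))
            elif not (BUSINESS_HOURS[0] <= rec["ts"].time() <= BUSINESS_HOURS[1]):
                alerts.append((rec["ts"], "MEDIUM", f"known device {known[mac]} joined out of hours"))
        elif rec["event"] == "conn" and rec["src"] in unknown_ips:
            # An unknown device that is now reaching an internal host is the pivot this case describes.
            alerts.append((rec["ts"], "CRITICAL", f"unknown device {ip_to_mac[rec['src']]} ({rec['src']}) "
                                                   f"reached {rec['dst']}:{rec['dport']} ({rec.get('app', '?')})"))
    return alerts
```

Running `analyse(SAMPLE_LOG)` yields a HIGH alert for the unknown device joining at 21:47 and a CRITICAL alert for its connection to the internal host two minutes later, with the timestamps and MAC address that an investigation would need.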
EFFECTS OF THE INCIDENT
Direct financial loss: the company lost a significant amount of money as a result of the transfer made by hackers.
Lack of evidence: due to the lack of logs, monitoring, and device identification, it was not possible to clearly identify who committed the theft.
Suspicions against employees: due to the lack of technical evidence of an external attack, law enforcement agencies considered the involvement of people from within the company, which created a toxic atmosphere within the team.
Long-term investigation: the lack of historical data from the network significantly hampered and prolonged the investigation.
THE ROLE OF SOC ADQ: WHAT WOULD CHANGE?
Rapid intrusion detection: our team of analysts would immediately notice the anomaly in network traffic and the connection from an unauthorized device.
Immediate response: The SOC could identify the source of the connection and block the attacker's access, protecting the banking system from compromise.
Hard evidence: By collecting logs, the company would have complete documentation of the incident for the police, which would eliminate unfounded suspicion of loyal employees.
KEY CONCLUSIONS
Network and Wi-Fi devices are critical infrastructure components that require constant monitoring.
Failure to record events means powerlessness in the face of an attack and the inability to prove the perpetrator's guilt.
ADQ monitoring protects your organization and employees from false accusations by providing clear technical evidence.
The cost of implementing SOC monitoring is a fraction of the losses a company incurs as a result of a successful bank fraud.
Check your network for leaks free of charge
We start with a free audit: we check whether your infrastructure is ready for monitoring and identify the most important threats.