24 hours in a Security Operations Centre (SOC) Part 2

What can happen if a malware gets into your systems through a new acquisition?...

I return to my desk coffee-less; the machine now a forbidden treat locked behind a COVID-19 restriction. I kid myself that it’s ok, and it’s probably a good thing for my health. Sat down, back in front of my screen, I’m monitoring alerts when a critical incident flashes up…

AcmeCorp recently acquired a business they urgently needed in their portfolio, but chose not to undertake due diligence on the technology in use. They are just beginning to understand the state of the IT infrastructure, but are about to have a rude awakening to the risks that they are now carrying...

AcmeCorp was continuously growing, a new business being acquired every few months. Typically, they’d commission Waterstons’ mergers and acquisitions team to undertake IT due diligence and an integration programme, but AcmeCorp decided they “needed the business yesterday” and rushed it through. There was something about Cyberdyne Systems they couldn’t let go. Their intellectual property was going to revolutionise the entire organisation, maybe even the world.

Malware detected!

AcmeCorp’s systems have detected ransomware; a vicious malware variant which encrypts all your data.Thankfully AcmeCorp has excellent detection for malware. Even if that failed, their data is backed up in Waterstons’ datacentre; isolated from their central systems, secure, and ready to be restored in case of a disaster.

I look to find the source of the attack, the compromised system that sent it over to AcmeCorp. It’s not good news - it’s emanated from their new acquisition, Cyberdyne! We cut off our connection to their network. Breaking the news to AcmeCorp’s MD is NOT going to be easy…

Cyberdyne’s data has just… gone? There’s no way of getting it back? This is a disaster; their cybernetics research was going to change the world! This particular piece of ransomware took advantage of an old Windows Server vulnerability that had long been fixed with a patch… A patch that AcmeCorp had installed as part of following the NCSC Essential Eight guidelines, but a patch that Cyberdyne was missing. This is a significant setback for AcmeCorp, but it could have been a catastrophe if we’d lost AcmeCorp’s data too.

client.png Thank goodness we had patched our servers to meet the NCSC Essential Eight criteria. It meant we were protected from this particular attack and many others like it. It just shows how we need to be on top of all our security. I will be speaking to our suppliers next, I need to make sure that they are looking after our data like we do…

If you’re worried about the impact of losing your data, or to learn more about how Waterstons help protect customers from attacks like these, visit

Contact our Australian colleagues for help here.

Read Part 1 here
Read Part 3 here

LCCI | Cyber Briefing

22 April 2021

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies. However, you can change your cookie settings at any time. For further information about how we use cookies and how to change your settings, please read our Cookie Notice

I'm fine with this