Our client was looking for an independent, proactive threat assessment to evaluate their security landscape. Liberty was able to utilize proprietary threat analysis techniques to uncover some unexpected vulnerabilities.
A major petroleum company was considering transferring some of its terrorism and cyber risk through a specialty insurance program for limits in excess of hundreds of millions of dollars. Although the company was confident in the security of both its IT and OT systems and believed they presented low risk, they contacted Liberty to better understand how threat intelligence could further secure their operations and potentially help them land reasonable coverage.
Within hours, Liberty was able to retrieve, decrypt, and analyze archived chat transcripts from the dark web involving members of the hacking group Anonymous who had been sharing a reconnaissance report of the company’s network and discussing the ease in which the group could disrupt the company’s SCADA systems. Liberty also discovered telecom and SCADA room diagrams, as well as account passwords of employees responsible for equipment installation. Such vulnerabilities can serve as an intelligence windfall that greatly accelerates attack planning. Lastly, threat intelligence collected on the company’s supply chain allowed Liberty to learn the degree to which suppliers were revealing sensitive information about the company via online performance reviews and other media. These same partners were also found by Liberty to have significant network vulnerabilities as well, including a series of exposed hosts and applications that were introducing serious risk both upstream and downstream of the supply chain.
Using business threat intelligence, the petroleum company immediately took corrective action through employee education and awareness programs focusing on the threats posed to the oil industry and their company in particular. The company instituted additional technical and administrative controls, including on their suppliers, and through persistent BTI analysis, an ability to lower their threat profile moving forward. Using Liberty’s findings, the company was also able to obtain favorable insurance coverage by demonstrating a proactive and preventative approach to monitoring evolving threats.
