Apr 11, 2019 | Success Story

Security Operations Center: Above & Beyond Continuous Monitoring


Identification

On a Saturday morning in February, during routine security monitoring, COCC’s Security Operations Center found a potential malware threat in a subset of activity originating from a client financial institution. The threat, later identified as the banking Trojan Emotet (see sidebar), was caught in the midst of reaching out to malicious domains, essentially phoning home in an effort to establish a foothold and spread throughout the financial institution’s workstation environment.
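The "phoning home" behaviour described above is what a SOC analyst looks for in outbound traffic: connections to known-bad domains, and connections from one workstation to one destination at suspiciously regular intervals. The following is an added illustration, not COCC's tooling or any code from the original story. It runs two such checks over a constructed sample of web-proxy log lines; the log format, the host names, the domain `badexample-c2.invalid` and the blocklist are all assumptions made up for the example.

```python
"""Added example: flag outbound connections to blocklisted domains and
near-periodic beaconing from a single host, over constructed proxy logs."""
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed sample log. Assumed format per line:
#   "<ISO timestamp> <source workstation> <destination domain> <bytes sent>"
# WS-117 is written to contact a placeholder C2 domain every five minutes.
SAMPLE_LOG = """\
2019-02-09T08:00:05 WS-117 updates.example.net 4120
2019-02-09T08:00:12 WS-117 badexample-c2.invalid 612
2019-02-09T08:03:44 WS-042 intranet.example.net 22010
2019-02-09T08:05:12 WS-117 badexample-c2.invalid 598
2019-02-09T08:10:13 WS-117 badexample-c2.invalid 604
2019-02-09T08:15:12 WS-117 badexample-c2.invalid 611
2019-02-09T08:20:01 WS-042 news.example.org 9031
"""

# Placeholder threat-intelligence list (assumption). A real SOC would load a
# vetted feed here; ".invalid" is a reserved TLD, so this can never resolve.
BLOCKLIST = {"badexample-c2.invalid"}


def parse_line(line):
    """Split one log line into (timestamp, host, domain, bytes)."""
    ts, host, domain, nbytes = line.split()
    return datetime.fromisoformat(ts), host, domain.lower(), int(nbytes)


def _records(log_text):
    for line in log_text.splitlines():
        if line.strip():
            yield parse_line(line)


def blocklisted_hits(log_text, blocklist=BLOCKLIST):
    """Return (timestamp, host, domain) for every connection to a blocklisted domain.

    This is the cheap, signature-style check: it only catches domains already known.
    """
    return [(ts, host, domain) for ts, host, domain, _ in _records(log_text)
            if domain in blocklist]


def beaconing_pairs(log_text, min_events=4, max_jitter_s=30.0):
    """Return (host, domain, mean_gap_seconds) for pairs that connect at regular intervals.

    Beaconing detection needs no prior knowledge of the domain: it looks for a
    host repeatedly contacting the same destination with low variance between
    connections, which is how a dropper typically polls its controller.
    """
    times = defaultdict(list)
    for ts, host, domain, _ in _records(log_text):
        times[(host, domain)].append(ts)

    suspicious = []
    for (host, domain), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few events to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter_s:
            suspicious.append((host, domain, sum(gaps) / len(gaps)))
    return suspicious


if __name__ == "__main__":
    for ts, host, domain in blocklisted_hits(SAMPLE_LOG):
        print(f"BLOCKLIST  {ts.isoformat()}  {host} -> {domain}")
    for host, domain, mean_gap in beaconing_pairs(SAMPLE_LOG):
        print(f"BEACONING  {host} -> {domain} every ~{mean_gap:.0f}s")
```

In practice the two checks complement each other: the blocklist match gives an immediate, high-confidence alert to escalate, while the interval check surfaces the same workstation even when the destination is a domain no feed has seen yet, which is why a monitoring team can sometimes spot an infection before the host's own security provider does.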

For a service that provides continuous security monitoring, finding and isolating a potential security threat is a major part of the job. So what makes this case special? The impacted financial institution did not subscribe to this service through COCC.

Yes, COCC does provide a hosted Security Operations Center (SOC) and can serve as the client’s Managed Security Provider (MSP), offering continuous security monitoring 24x7x365. However, this particular client did not leverage COCC as its MSP. Still, COCC’s security team was the first to notice the issue and bring it to the attention of the financial institution, then aided in proving the issue to the institution’s MSP.

Through these actions, COCC’s SOC assisted in the critical steps of the incident response process. The first step is preparation, in which an institution and its MSP implement security controls designed to stop threats before they start. If a threat gets past the preventative controls, it is key to identify the attack and contain it before it spreads further. In this instance, this is where COCC stepped in. Identifying the malware threat and shining a light on the issue allowed the financial institution’s IT staff and MSP to begin containment efforts and move on to the next steps of incident response.


Response

COCC remained hands-on for the steps of eradication and recovery, sending specialized technicians to assist the client in the efforts to clean the systems of any existing or suspected threats, verifying that the threats had been eradicated successfully, and getting the financial institution operating safely once again. Throughout this process, the COCC SOC continued monitoring this incident for signs of malicious activity. This continued support from COCC improved the speed and efficiency of remediation, enabling full recovery within several days.


Lessons Learned

The final step in the incident response process is to realize the lessons learned. While there are multiple takeaways from this case, one lesson is clear. COCC’s SOC added value to a client even though the client was not enrolled in the service. Despite limited visibility of security traffic, COCC identified the threat more quickly than their MSP, escalated it quickly, and was engaged as a partner every step along the way to help this client return to a normal state.

Had the attack persisted unchecked, the client would have been at increased risk of the attacker leveraging its systems maliciously or accessing sensitive customer information. Thanks to the SOC, it did not go any further. Providing this level of additional service is indicative of the partnership COCC maintains with its clients, taking the extra step to ensure those institutions remain safe and secure. With service like that on a limited basis, imagine the scope COCC’s SOC can add with full security monitoring!


What is Emotet?

In this instance, the malware was identified as Emotet. According to an alert from the National Cybersecurity and Communications Integration Center (NCCIC), Emotet is “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.” As stated in the alert, the malware is polymorphic and can evade typical signature-based detection and can even evolve and update itself. Identifying, containing and eradicating such a malware threat is critical in maintaining a financial institution’s security.


For more information, email StrategicProducts@cocc.com.

About COCC

As an industry-leading fintech provider, COCC delivers innovative, comprehensive technology solutions and strategic partnerships with an unparalleled focus on service. Offering a robust, feature-rich suite of modern, standards-based core and digital banking solutions, COCC’s cutting-edge systems are designed with intuitive user interfaces and are fortified by advanced APIs which seamlessly facilitate leading fintech integrations. Consistently ready to adopt and embrace emerging technologies, COCC remains agile and forward-thinking, meeting the demands of a rapidly evolving financial landscape where live real-time functionality matters. COCC is forever dedicated to assisting community banks and credit unions with remaining strong and competitive by providing the technology, support, and expertise needed to succeed. To learn more, visit www.cocc.com.
