Preventing State-Sponsored Attack on Critical National Infrastructure

An employee of an organisation that provides Critical National Infrastructure reused the same passwords across multiple services.

Client Background

A UK-based critical national infrastructure company operating extensive SCADA systems utilised Cyber Overwatch to protect its vital operations and sensitive control systems from cyber threats.

Challenge

An employee reused credentials across multiple third-party platforms, inadvertently providing a potential attack vector for cyber threat actors. These credentials were compromised externally and subsequently leveraged by a state-sponsored actor in an attempted breach targeting the company's SCADA infrastructure.

Cyber Overwatch’s Response

Through real-time monitoring and behavioural analytics, Cyber Overwatch swiftly identified the user's credentials being used to pass phases of sign-on, along with unusual access attempts to SCADA systems. The immediate detection flagged the compromised credentials being used from atypical geographical locations and unusual network pathways, strongly indicative of state-sponsored cyber activity.

Our threat-hunting team quickly correlated these attempts with intelligence data, confirming the severity and source of the threat.

Resolution

Cyber Overwatch promptly alerted the client's operational teams, delivering precise evidence of the attempted breach. Immediate action was taken by Cyber Overwatch, under our rules of engagement, to revoke compromised credentials, isolate targeted systems, and enhance access control measures around SCADA infrastructure.

This decisive intervention prevented any unauthorised access to critical operational systems, preserving the integrity and continuity of national infrastructure operations. Access to all third-party (TPRM) platforms the user accessed was also revoked.

Ongoing Prevention

Following the incident, Cyber Overwatch assisted the client in implementing robust multi-factor authentication (MFA) across their third-party supplier systems, as well as garnering support for the rigorous credential management policies we had recommended prior to the incident. We also helped HR to implement comprehensive staff education programmes to reinforce the importance of unique, secure credentials. These recommendations had struggled to get board support prior to the incident.

Continuous monitoring and advanced threat detection remain in place to provide real-time protection against similar high-risk threats.

Outcome

Cyber Overwatch's rapid detection, clear evidence, and proactive response successfully thwarted a potentially devastating cyberattack. The strengthened cybersecurity posture now provides enhanced protection, ensuring the reliable operation of critical national infrastructure against future sophisticated threats.
