Client testimonial:
“Thanks to NCC Group’s swift response and support, we were able to contain the threat and quickly resume normal operations, while improving resilience for the future. The incident underscored the importance of preparedness and having the right team on standby in the event of a breach.”
At a glance
Organization: Microlise
Industry/Sector: Transport & Logistics
Situation: Microlise, a leading provider of transport management technology solutions, faced a significant cyber incident. Their insurance broker recommended NCC Group to help manage the crisis.
Challenge: The combined teams worked on an effective incident response to safeguard Microlise’s vital operations in the global logistics industry.
Solution: NCC Group approached the task methodically, prioritizing systems based on their criticality. This involved implementing robust encryption protocols, strengthening authentication measures, and upgrading Microlise’s IT infrastructure.
Results: The threat actor was eradicated, and NCC Group enhanced Microlise’s long-term cyber resilience, allowing them to resume normal operations and service to their clients.
Situation
Microlise is a leading transport technology provider, supporting over 5,000 customers globally. Their advanced technology supports a wide range of industries, with notable partners including JCB, DHL, and Tesco.
When Microlise faced a significant cyber incident, their insurance broker recommended that NCC Group support them during the crisis. This introduction was crucial in ensuring a swift and effective response to safeguard the company’s operations and maintain its critical role in the logistics sector.
Challenge
In late October 2024, Microlise faced a significant cyber incident carried out by a ransomware group, which claimed to have stolen Microlise corporate data and gave Microlise a short timescale to pay its extortion demands before the data would be leaked externally.
Attackers gained access to Microlise’s network, allowing unauthorized access via VPN. They deployed ransomware, encrypting hypervisors and rendering virtual machines useless. The threat actor also changed all admin passwords, complicating access to the infrastructure. Various malicious files, including those concealed with the Ultimate Packer for eXecutables (UPX), required thorough forensic analysis to understand their capabilities.
The threat actors targeted their servers hosting telematics system data, causing an outage of vehicle tracking services and disrupting deliveries nationwide. Microlise feared prolonged service interruptions, potential data breaches and damage to their reputation, especially as they provide critical services to customers and government bodies. They urgently needed to restore operations, secure their systems and prevent future incidents.
Solution
NCC Group’s Digital Forensics and Incident Response (DFIR) team was deployed within hours of the incident on 31 October 2024. The decision to partner was influenced by their insurance broker who recommended the cyber security firm’s services. This was the first time Microlise had to use their cyber insurance or engage an Incident Response (IR) provider.
The DFIR team worked closely with NCC Group’s Threat Intelligence experts to identify the capabilities of the malicious files and conducted a thorough forensic investigation to understand the scope of the compromise. The Group’s remediation team assisted in supporting the rebuild of Active Directory and Domain Controllers, while providing 24/7 threat monitoring during the recovery process. Additionally, an industry-leading EDR solution was deployed to enhance visibility and threat remediation.
Following the initial response and investigation, Microlise considered various solutions before rebuilding its IT environment. They approached this task methodically, prioritizing systems based on their criticality to ensure the threat actor was completely eradicated. This involved implementing robust encryption protocols, strengthening authentication measures, and upgrading their IT infrastructure.
Result
The full Incident Response engagement lasted 12 weeks and involved forensics, remediation, and ongoing monitoring. The structured and secure rebuild of their IT environment ensured the complete eradication of the threat actor. In addition, the deployed EDR solution provided continuous monitoring and immediate threat remediation, significantly enhancing their cyber security posture. As a result, no customer systems data was compromised at any stage.
Throughout the engagement, Microlise focused on transparency with customers, which helped maintain trust during the recovery process. NCC Group’s rapid response was crucial in mitigating an immediate threat. The DFIR team also enhanced the company’s long-term cyber resilience, allowing a return to normal operations and service to its customers.
Microlise recently hosted their annual transport conference, which brought together over 1,000 industry professionals and featured more than 40 expert speakers.
The event showcased their transparency and commitment as a business to driving change and fostering collaboration within their sector and the wider supply chain. They highlighted the importance of incident readiness, and NCC Group was invited to join a speaking panel to share learnings and expertise.