Incident Response Services
Mossé Security offers rapid and thorough incident response services to clients facing security intrusions. Through in-depth digital forensics and reverse engineering analysis, we help clients recover from significant security breaches. Call or email us today to learn more about this vital response service.
Overview
Mossé Security offers three tiers of Rapid Incident Response Services tailored specifically to the size and industry of your organisation. Upon being retained, we rapidly increase the speed of your intrusion response while training your IT team on best security practices to handle future intrusions as well.
Our capabilities include:
- Digital Forensics
- Incident Management
- Malware Analysis
- Code Deobfuscation
- Threat Intelligence
- Security and risk Assessments
Since 2010, Mossé Security has responded to hundreds of security incidents all over Australia (Melbourne, Sydney, Canberra, Brisbane, and Perth). This scope and experience make us uniquely qualified to be of service to the NSW government.
Download the brochure >Threat Actors
Amongst the types of threat actors Mossé Security has experience responding to include:
- Ransomware and traditional malware
- File-less remote access trojans (RATs)
- Malicious insiders and accidents caused by the IT team
- Persistent attackers that use the client’s own insecure configuration of its IT infrastructure to maintain long-term network access and evade detection
Australian Threat Intelligence
Mossé Security tracks numerous threat actors targeting Australian organisations. From time to time, we publish threat reports:
- CRIME OSCAR is a cyber adversary that has stolen millions of dollars from Australian Organisations
- CRIME CHARLIE - A Sophisticated Group of Social Engineers
- Social Engineering Attacks against CFOs
Incident Response Plan and Methodology
The following diagram shows Mossé Security's workflow when responding to major cyber incidents:
Click on the diagram to open a larger version.
Key Achievements
- Via our Institute, our team trains other top CERT/CSIRT/DCO teams in Australia. For example, the Australian Defence Force engaged us to prepare operators part of the Cyber Protection Teams (CPT) for deployment in the field against nation-state threat actors targeting Australian key cyber terrain
- We helped several enterprise customers contain and recover from ransomware attacks where the adversaries had obtained domain administrator privileges and launched the malware from SCCM. In all cases, our Team was capable in identifying the vectors of entry, upgrade the network into a defendable state, remove the adversaries from the network and assist our customers recover from backups
- Our Company tracks multiple threat actors targeting Australian organisation. Most notable is the CRIME OSCAR gang that targets companies in the energy and utility sector. We assisted a customer respond to a major breach where CRIME OSCAR almost stole 2.1 million dollars from them. Our Team was able to prevent the adversary from achieving their mission, we identified the employees that had their machines compromised, removed the adversary from the network and deployed security upgrades across the production network to prevent future attacks
Our Certifications
Our team undertakes 2,000+ hours of pre-deployment training per year. Here are some of the certifications we hold and maintain:
