Case Study: Mid-Sized Software Company detects and shuts down a year-long webmail backdoor with Cybereason

Software Company Detects and Closes Year-Old Webmail Server Backdoor

Mid-Sized Software Company, a billion-dollar U.S. software firm, suspected its Outlook Web App webmail server had been compromised but couldn’t find evidence using existing antivirus, sandbox and SIEM tools. They engaged Cybereason and its sensors/Malop Hunting/Detection capabilities to validate and investigate the hunch.

Cybereason deployed sensors across the customer’s 19,000 endpoints in under 24 hours, streaming real-time data to the Cybereason Malop Detection Engine and automating threat hunting. Within hours Cybereason uncovered a custom APT that had installed an OWA backdoor and harvested credentials for nearly a year; the platform provided a full attack timeline, root cause and affected assets, and the Mid-Sized Software Company cleaned infected servers and closed the backdoor within days.