Troubleshooting completed
A member of the Special Operations Centre logged into the firewall to investigate and look through the logs, uncovering the device responsible for triggering the alert and pinpointing its intended target.
Identified Threat
In this case, the identified device was an NVR (camera system) on the client’s network, executing an attack. This indicates that it was likely hacked due to some vulnerability in its firmware, and it had been repurposed for something other than its original intent. The target of the attack was Ali Baba’s network, a popular online shopping site.
Potential risks if threat was not managed and fixed
The camera system is within a client network, where it is usually trusted and not examined as thoroughly as outside traffic. Unfortunately, this could mean that the camera system may be used in malicious attempts such as a Trojan Horse to attack other devices on the network or gain unauthorized access. A major concern with this device was that it was attempting to breach an external source which could have potentially devastating consequences if successfully executed.
Final Solution
Our team recommended that the client get in touch with the suppliers of the camera system to update its firmware. In addition, they blocked the device from accessing the port it was attempting to attack, thus avoiding any potential damage to external networks.
