Trusted by Industry Leaders for Decades

Here at 4D5A, we stand behind our work with over three decades of proven work outcomes and successful stories helping clients overcome intrusions, extortion, insider attacks and more. Due to the sensitive nature of our services we don't directly name individuals to meet various complex regulatory, compliance, and privacy requirements. 
They saved us millions in our incident response. The other company we had quote us was $400K more just to show up and tons more for services.
4D5A Security was able to jump on a line and help our our team within a few hours of our calling them for help, and we didn't even have a contract with them!
The team was great at helping us understanding how to secure tools and configure and was very patient with us as we learned how to "do" security.

North Korean Intrusion

Ransomware is where the incident started, but it was much more than that after 4D5A Security arrived on the scene and investigated current state and forensic evidence for patient zero and dwell time for the case.  Ransomware was a final payload, rather than initial, used by an actor the end of a kill web.

For weeks prior attribution leading back to North Korea and an intrusion with extensive lateral movement and control over network assets took control over most of the network and related assets.

A 4D5A Security visibility strategy, IR research and response, and threat attribution changed everything on what was at risk, how compromise likely took place, and how to wisely navigate such a complex incident response.

The client partnered well with recommendations by 4D5A Security and succesfully navigated critical milestones of ransomware exortion demands, recovery, and resiliency in operations.

Infestation

The client called 4D5A Security for help on an urgent ransomware attack that impacted administrators and several important areas of their network. 4D5A Security started work immediately to isolate the threat and identify patient zero and root cause, leading to the discovery of weakly protected exteral facing credentials on a server. Logs revealed that multiple actors had successfully brute force compromised a weak set of credentials over the past few weeks with three actors active within the network.

The first actor group of interest successfully intruded the network and launched Mimikatz to identify admins and elevate priviledges.  They then targeted administrators to take down their machines first before launching ransomware against the network, to maximize effectiveness of their attack and limit the ability for administrators to respond.

Unfortunately two other actors were also inside of the network at the same time. One was actively subverting the payroll system. The other was staging for attack. 4D5A Security helped the client identify root cause to mitigate known and future attacks through this vector and remediate these attacks. Policy changes occured related to payroll TTPs. The client successfully removed the ransomware threat and did extensive follow on framework based work to reduce risk further in operations, including onboarding of a SIEM to centralize logs and alerting.

Who We are to Our Clients

Our Reputation Is Important to Us

Trust - Character - Integrity are at the heart of 4D5A Security and all that we do! We care about successful outcomes and reducing risk for our clients.
Contact Us