GuardWare INSIGHT alerted the IT Security officer of a manufacturer that a computer in the assembly area of their factory had an unknown network installed on one of their manufacturing machines.
The company produces a range of technologically advanced electronics in a highly competitive market and, having been in business for decades, took their security very seriously.
Administrator rights had inadvertently been left applied to the machine. Security discovered that an employee had used system roll-back during this period, in an attempt to remove the GuardWare INSIGHT Agent from the system. The change alert was received on a Friday afternoon and Security continued to monitor the machine.
Over the weekend, a second network was installed on the machine, evidently in preparation to exfiltrate information that was due to be sent to that machine as part of the coming weeks manufacturing activities.
The perpetrator was duly identified, and further actions were taken.
