The Challenge
A mid-sized regional bank suspected their online banking portal had been compromised after abnormal transaction patterns emerged. They needed to confirm scope and contain the incident within a strict regulatory window.
Pulsosec Response
Pulsosec deployed an incident response team within 2 hours. Forensic analysis revealed a sophisticated supply-chain attack via a third-party analytics vendor. We isolated affected systems, patched the vector, and provided a full forensic report to regulators.
Full Case Study
When the bank's fraud operations team flagged a cluster of anomalous wire transfer approvals late on a Friday evening, their CISO called Pulsosec's 24/7 IR hotline. Within 15 minutes a senior IR analyst was on a bridge call; within 2 hours our remote forensics team had ingested the first log packages.
The Attack Chain
Forensic reconstruction revealed that the threat actor had compromised a third-party JavaScript analytics vendor used by the bank's online portal. A malicious script was injected that silently skimmed session tokens and MFA codes, forwarding them to attacker-controlled infrastructure. The actor had maintained access for an estimated 11 days before detection.
Containment
Our team immediately blocked the compromised analytics domain, revoked all active sessions on the portal, and enforced a temporary MFA re-enrollment for all business banking users. The affected third-party vendor was notified and its access credentials were rotated.
Regulatory Response
Pulsosec's compliance team coordinated with the bank's legal counsel to prepare the mandatory OCC incident notification within the required 36-hour window. We provided the forensic timeline and evidence package that satisfied the regulator's initial enquiry.
Outcome
Independent fraud modelling estimated $4.2M in wire fraud was prevented through rapid containment. No customer PII was confirmed as exfiltrated. The bank subsequently engaged Pulsosec for ongoing managed SOC services and a third-party vendor security assessment programme.
Sector
Financial Services
Services Used
Incident Response