Incident Response and Forensics Support, Metropolitan Transportation Authority

Overview

The Metropolitan Transportation Authority (MTA) is a public benefit corporation responsible for public transportation in the New York City metropolitan area of the U.S. state of New York. The MTA is the largest public transit authority in the United States, serving 12 counties in Downstate New York, along with two counties in southwestern Connecticut under contract to the Connecticut Department of Transportation, carrying over 11 million passengers on an average weekday systemwide, and over 850,000 vehicles on its seven toll bridges and two tunnels per weekday.

Project Scope

The Metropolitan Transportation Authority (MTA) was seeking highly technical expertise in Incident Response & Forensics to provide direct support to the 24/7 Cyber Security Monitoring group as needed.


Solution

V Group served as a primary point of contact for MTA Cyber Security Operations Center (CSOC) & MSSP Cybersecurity Incident escalations and interfaced directly with vendors & third parties for notified/observed compromises.

We conducted forensics on memory, disks, and logs to determine whether information had been compromised and, if so, what. As an integral part of threat intelligence and incident response, we performed dynamic and static malware analysis.

V Group was also involved in the full incident response lifecycle, processing evidence in accordance with the chain of custody. This enabled us to create incident reports to brief executive management and to provide recommendations to prevent similar incidents in the future.

Additionally, V Group assisted the Threat Intelligence group in other functions including Threat Intelligence / Threat Hunting, Threat Readiness and Cyber Content Engineering & Automation.


Technology

  • PowerShell
  • Perl
  • Python
  • OT & PCI technologies
  • Digital Forensics Tools