Case study: Rhebo detects attempted sabotage by internal perpetrators

, Leipzig
Digital Forensics Rhebo Whitepaper
  • Current case study sheds light on sabotage attempts in a global logistics company
  • Network analysts from Digital Forensics used Rhebo Industrial Protector to investigate and stop sabotage attempts
  • Costs in the high millions were prevented

Leipzig, Germany, November 6, 2018 - The damage had already occurred when Digital Forensics, a specialist company providing network analysis services, was acquired by an international logistics company to investigate in the case: At three of the logistics company's end customers, the logistics systems had failed in one single blow and resulted in costs in the three-digit million range. After an initial analysis of the network activities, the specialists at Digital Forensics decided to monitor the communication in the control system continuously and in detail using Rhebo Industrial Protector.

After several months without any incidents attributable to sabotage, the anomaly detection found and reported suspicious communication via remote access to the end customers. Within a very short time it could be proven that these were irregular shutdown commands from an internal company workstation. Due to the real-time notification and the complete storage of all communication details, the repeated sabotage attempt was detected and prevented before any damage was done.

»Sabotage from in-house sources is very difficult to detect because the processes take place within the secured zones«, Dr. Jens Pittler, Head of Technology at Digital Forensics, explains. »With Rhebo Industrial Protector, we were able to open up a view into the control system and monitor every communication process. The storage of all anomaly details enabled us to perform a very accurate analysis and trace the incident to a particular workstation. With the results, our customer was able to work specifically on optimizing his network security and greatly reduce the risk of future acts of sabotage – internally and externally.«

In the case study »Sabotage Investigation in Logistics Company«, Rhebo and Digital Forensics discuss the challenges of sabotage analysis in industrial networks and how Rhebo Industrial Protector not only supports sabotage investigation, but also helps to prevent attacks.

The case study can be downloaded here.

About Digital Forensics

Digital Forensics GmbH is a german company specializing in forensic analysis of large-volume network traffic in industry and insurance. The company evaluates cases of damage and analyses cyber attacks. Knowledge of industry-specific protocols such as Profinet, OPC, S7 or IEC61850 as well as their evaluation form a focal point of the work.

About Rhebo

Rhebo is a German company that specializes in the reliability and resilience of industrial companies and critical infrastructure. With its solutions and services, Rhebo monitors and analyzes all data communication within industrial control systems, reports anomalies in real-time , thus increasing the cybersecurity and productivity of industrial control systems. Rhebo is one of the top 30 industrial security providers in Gartner's »Market Guide for Operational Technology Security 2017«. The company is also a member of Teletrust - Bundesverband IT-Sicherheit e.V. and Bitkom e.V.


Kristin Preßler
COO Rhebo GmbH
Tel. +49-341-393-790-180