Skip to content
Close
SEARCH
CONTACT
PHONE HOTLINE: 1.877.745.2729E-MAIL: sales@miraisecurity.com
Under Attack?
PHONE HOTLINE: 1.877.745.2729E-MAIL: sales@miraisecurity.com
Under Attack?
mirai bg-2

PAYBYPHONE SECURES SYSTEMS

FROM A CRITICAL VULNERABILITY THANKS TO MIRAI SECURITY

PROJECT SUMMARY

  • In 2022, PayByPhone hired Mirai Security to conduct a penetration test.
  • Mirai discovered and corrected a critical vulnerability that PayByPhone’s other security partners had yet to disclose.
  • The vulnerability could have been exploited and potentially allowed an attacker to gain domain access and wreak havoc on the company’s digital infrastructure.
pbp_02
mountains-bw-contract-docs
"Mirai found a vulnerability on our AD that the previous six years of pen testing hadn’t found. That’s value.”
Alan Ottnad
ALAN OTTNADDIRECTOR OF IT COMPLIANCE @PAYBYPHONE

THE PROJECT

In 2022, PayByPhone hired Mirai Security to conduct a penetration test. The company had recently undergone a significant infrastructural change and was required to prove it could operate securely in its new environment.

Penetration testing is prescribed by the Payment Card Industry Security Standards Council (SSC), a global forum that maintains the Payment Card Industry Data Security Standard (PCI DSS). As these penetration tests must be conducted impartially, PayByPhone had to find the right cybersecurity partner to verify its infrastructure was secure.

Although PayByPhone maintains working relationships with several cybersecurity companies, Mirai Security was the only vendor available to conduct this test in a timely and efficient manner.

Alan Ottnad, PayByPhone’s Director of IT Compliance, cites Mirai’s professionalism and expertise during previous engagements as a deciding factor in trusting Mirai once again:

“There was no hesitation in hiring Mirai for this test, as we know the quality of the team Alex [Dow, Mirai CIO] has put together and the company’s leadership.”

pbp_01

During the test...

Mirai uncovered a previously unnoticed and potentially COSTLY vulnerability.

Our penetration testers discovered a critical vulnerability that PayByPhone’s other security partners had yet to disclose. The vulnerability concerned the use of Microsoft’s Active Directory (AD) service, which is deployed by many companies to manage network resource access.

If left unchecked, the vulnerability could have been exploited and potentially allowed an attacker to gain domain access and wreak havoc on the company’s digital infrastructure.

In Ottnand’s words, “That could have become a breached account with a straight escalation of privilege to the highest level of authority within our organization. It could have done severe damage and basically shut us down.”

OUTCOME

Fortunately, our team acted quickly and professionally so the vulnerability could be patched. 

“My job is to make sure we get the best value for our audit dollar." said Ottnad. "Mirai found a vulnerability on our AD that the previous six years of pen testing hadn’t found. That’s value.”

pbp_03

PAYBYPHONE

is a global leader in parking payment solutions. The company's smart cashless parking app is used in more than 1,200 cities across three continents.

Founded in 2001, PayByPhone sought to take the pain out of parking. Its user-friendly mobile app eliminates the need to use coins or terminals, greatly simplifying the daily journeys of its growing customer base. Since then, it has accumulated more than 70 million users while processing hundreds of millions of payments each year.

PayByPhone’s tremendous success has brought its share of cybersecurity challenges, such as maintaining compliance with regional privacy requirements across three continents and ensuring the payment information of its massive user base is secure.

PayByPhone-logo-sml-1
grc-careers

CONTACT A CYBERSECURITY EXPERT

Mirai Security is a trusted cybersecurity partner for businesses across North America.

If you have an information security problem to solve or a challenge to discuss, we'd love to hear from you.
CONTACT AN EXPERT