The following piece is a re-imagining of real-life events. As part of a three-part series, Cyber Unit hopes to use these case studies to bring to light the reality of online cyber-attacks and raise awareness of best practices.
Alex* is the owner of a lumber business situated out of town. They had been working from home occasionally before COVID-19; the stay-at-home mandate accelerated that transition, and Alex found themselves in their home office more and more often. Alex preferred to ignore cybersecurity recommendations on the assumption that most, if not all, threats can be avoided simply by behaving sensibly online.
In August, Alex discovered that their mailbox had been compromised. Further investigation revealed that the compromise dated back at least four months, to a phishing attack. During the three to four months that the actor had control of the mailbox, they created several inbox rules so that any finance-related email (anything containing words like invoice, payable or wire transfer) was automatically moved to an obscure folder and marked as read, keeping it out of Alex's sight. Additional rules forwarded some of these emails to an external address controlled by the actor. The rules went unnoticed largely because Alex already had 8-10 rules configured in the mailbox; a couple of extra entries in an already long list drew no attention. Silent rules of this kind (move, mark as read, forward externally) are a hallmark of business email compromise and are one of the first things to check when a mailbox is suspected of being compromised.
The fraud itself was simple. Using Alex's mailbox, the actor replied to invoice and payables emails with their own bank account details, so that funds the company intended for legitimate payees were transferred into the attacker's account.
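The most direct check against the technique described above is to enumerate every inbox rule in the tenant and flag the ones that forward outside the organisation, match on finance keywords, or hide mail from its owner. The script below is an added example written for this article; it is not Cyber Unit's own tooling and is not from the original write-up. It assumes an Exchange Online tenant, the ExchangeOnlineManagement module, an account permitted to run Get-Mailbox, Get-InboxRule and Search-UnifiedAuditLog, and placeholder values for the internal domain list (`example.com`) and the finance keyword list, all of which you should adjust for your environment.

```powershell
# Added example (not from Cyber Unit's write-up): hunt for attacker-created inbox rules
# across every user mailbox in an Exchange Online tenant.
# Assumptions: ExchangeOnlineManagement module installed; the caller can run
# Get-Mailbox, Get-InboxRule and Search-UnifiedAuditLog; $InternalDomains and
# $FinanceWords are placeholders to adapt to your tenant.
param(
    [string[]]$InternalDomains = @('example.com'),   # assumption: your accepted domains
    [string[]]$FinanceWords    = @('invoice', 'payable', 'payment', 'wire', 'transfer', 'remit', 'bank'),
    [int]$AuditLookbackDays    = 90
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Recipient strings look like:  "Jane Doe" [SMTP:jane@partner.example]  or a bare address.
function Get-SmtpAddress {
    param([string]$Recipient)
    if ($Recipient -match 'SMTP:([^\]]+)') { return $Matches[1].ToLower() }
    return $Recipient.Trim('"').ToLower()
}

function Test-ExternalRecipient {
    param([string]$Recipient)
    $domain = ((Get-SmtpAddress $Recipient) -split '@')[-1]
    return -not ($InternalDomains -contains $domain)
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox) {
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $reasons = @()

        # 1. Forwarding or redirecting mail to an address outside the tenant.
        $targets  = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) | Where-Object { $_ }
        $external = $targets | Where-Object { Test-ExternalRecipient $_ }
        if ($external) { $reasons += "forwards to external: $($external -join ', ')" }

        # 2. Conditions keyed on money-related words, as in the case above.
        $words = @($rule.SubjectContainsWords) + @($rule.BodyContainsWords) + @($rule.SubjectOrBodyContainsWords) | Where-Object { $_ }
        $hits  = $words | Where-Object { $w = $_; $FinanceWords | Where-Object { $w -match $_ } }
        if ($hits) { $reasons += "finance keywords: $($hits -join ', ')" }

        # 3. Actions that keep the owner from seeing the mail.
        if ($rule.MarkAsRead)    { $reasons += 'marks as read' }
        if ($rule.DeleteMessage) { $reasons += 'deletes message' }
        if ($rule.MoveToFolder)  { $reasons += "moves to $($rule.MoveToFolder)" }

        # Report any external forward, or a finance-keyword rule that also hides the mail.
        if ($external -or ($hits -and $reasons.Count -gt 1)) {
            [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName
                Rule    = $rule.Name
                Enabled = $rule.Enabled
                Reasons = $reasons -join '; '
            }
        }
    }
}

Write-Host "Suspicious inbox rules:"
$findings | Sort-Object Mailbox | Format-Table -AutoSize

# Who created or changed rules, and when. In Alex's case the rules were months old,
# so search as far back as your audit retention allows.
Write-Host "Rule creation/modification events (last $AuditLookbackDays days):"
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-$AuditLookbackDays) -EndDate (Get-Date) `
    -Operations New-InboxRule, Set-InboxRule -ResultSize 5000 |
    Select-Object CreationDate, UserIds, Operations |
    Format-Table -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

Review the audit-log output alongside sign-in logs: a New-InboxRule event from an unfamiliar IP address or country is a strong indicator that the rule was created by someone other than the mailbox owner. If the business has no legitimate need to auto-forward mail outside the tenant, blocking it centrally with `Set-RemoteDomain Default -AutoForwardEnabled $false` removes the exfiltration path that the external-forwarding rules in this case depended on.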
Because the mailbox was never properly secured, Alex and their company lost money, reputation, time and energy. Relying on built-in default protections alone leaves an organization open to criminals who consistently exploit the number one attack vector: human nature combined with weak security controls. This case study is no exception.
Alex was caught off guard by a phishing email, a message designed to use social engineering against an organization's employees. If an attacker can get a user to click a malicious link or open an infected attachment, they can steal login credentials and other personal data, or install malware on the employee's computer.
An attacker will commonly send a phishing email masquerading as a notification for a legitimately shared document. On clicking the link, the target is prompted to enter their credentials for the service in order to view it, and those credentials are sent to the attacker. If the organization has not configured its cloud services for visibility into account usage and for access control (multi-factor authentication, sign-in logging, and alerting on newly created forwarding rules, for example), an attacker can use the stolen credentials to access sensitive data. Although it did not happen in Alex's case, a more capable actor could have done considerably more damage with the same access. (Source)
Cyber Unit was brought in to clean up Alex's system. Some of Cyber Unit's techniques and best practices include:
Without these basic features, an organization will always be vulnerable to email-borne threats, regardless of whatever other advanced technology it has deployed. (Source)
Feel free to reach out to us if you have any questions or concerns! Our cybersecurity professionals will be more than happy to help you with anything you need. Book an appointment with us today!