Case Study – UK transport business suffers scam email cyber attack

During the first 3 weeks of Q1 in 2021, a transport business within the UK was hit by a cyber-attack in which employees of the organisation were sent an email with a document containing a link to a fake portal.


How did the attack work?

The fake portal required the recipient to log in using Office 365/G-Suite authentication credentials. When recipients logged in, their credentials and passphrases were harvested and then used to access the victims' mailboxes. Once logged in, the attackers leveraged email addresses from recently sent/received emails to propagate the attack.


This resulted in the organisation coming under a sustained attack from 5 different sources. Members of staff correctly identified the attack before entering credentials and reported it. This allowed IT security to implement rules in the business's email system to prevent the delivery of malicious messages from the affected third parties, until the business had confirmed the compromised source mailbox had been secured.
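
The containment step described above (holding mail from affected third parties until each one confirms its mailbox is secured) can be modelled as a temporary sender hold list. This is an added example, not taken from the case study or the business's actual email rules; the class name, addresses and sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


class SenderHoldList:
    """Temporary quarantine rules for third-party mailboxes reported as compromised."""

    def __init__(self):
        self._held = {}  # lower-cased sender address -> reason for the hold

    def hold(self, address, reason):
        self._held[address.strip().lower()] = reason

    def release(self, address):
        """Lift the hold once the third party confirms the mailbox is secured."""
        return self._held.pop(address.strip().lower(), None) is not None

    def verdict(self, raw_message):
        """Return ('quarantine', reason) or ('deliver', None) for one raw message."""
        msg = message_from_string(raw_message)
        # A compromised mailbox sends genuine mail, so From normally matches;
        # Sender and Reply-To are checked as well in case they carry the address.
        for header in ("From", "Sender", "Reply-To"):
            _, addr = parseaddr(msg.get(header, ""))
            reason = self._held.get(addr.lower())
            if reason:
                return "quarantine", f"{header} {addr.lower()}: {reason}"
        return "deliver", None


# Constructed sample data: addresses and message are invented for illustration.
SAMPLE = (
    'From: "Accounts Team" <Accounts@Supplier-A.example>\n'
    "To: staff@transport.example\n"
    "Subject: Shared document\n"
    "\n"
    "Please review the attached document.\n"
)


def demo():
    holds = SenderHoldList()
    holds.hold("accounts@supplier-a.example", "reported phishing source")
    before = holds.verdict(SAMPLE)
    holds.release("accounts@supplier-a.example")  # third party confirms mailbox secured
    after = holds.verdict(SAMPLE)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Matching is case-insensitive and ignores the display name, so a hold keyed on the bare address still catches mail whose From header is formatted differently.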


The full case study is available as a PDF download: WMCRC Case Study (119KB).

How can I prevent my business from suffering a similar attack?

  • Ensure email filtering solutions are implemented and tuned to the greatest extent to identify and block phishing emails.

  • Ensure your staff have adequate cyber security training so they know how to identify, respond to and report a phishing attack that could, in principle, compromise their passphrase.

  • Configure web proxies (or equivalent) to prevent access to phishing websites, and update them as frequently as possible with the latest information on malicious websites.

  • Implement multi-factor authentication on internet-facing systems such as cloud-based email accounts. This mitigates attacker access, even if they get hold of the passphrase.

  • Produce guidance for your third parties which provide services on your behalf. This encourages them to take action to secure their businesses, including implementing anti-malware, multi-factor authentication and training.


How can The Cyber Resilience Centre for the West Midlands help my business?

If you have found these tips useful, why not become a member of the WMCRC and receive regular tips and tricks like this?


Businesses in the West Midlands can sign up for a free membership online and receive a welcome pack full of practical resources and tools that will help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats, designed to help you stay safer.


For more information, take a look at our website: www.wmcrc.co.uk/membership.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published in this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.