During the first 3 weeks of Q1 in 2021, a transport business within the UK was hit by a cyber-attack where an email with a document containing a link to a fake portal was sent to the employees of the organisation.
How did the attack work?
The fake portal required the recipient to log in using Office 365/G-Suite authentication credentials. When recipients logged in, their credentials and passphrases were harvested and then used to access the victims' mailboxes. Once logged in, the attackers leveraged email addresses from recently sent/received emails to propagate the attack.
This resulted in the organisation coming under a sustained attack from 5 different sources. Members of staff correctly identified the attack before entering credentials and reported it. This allowed IT security to implement rules in the business's email system to prevent the delivery of malicious messages from the affected third parties, until the business had confirmed the compromised source mailbox had been secured.
Read the full case study below:
How can I prevent my business from suffering a similar attack?
Ensure email filtering solutions are implemented and tuned to the greatest extent to identify and block phishing emails.
Ensure your staff have adequate cyber security training so they know how to identify, respond and report the phishing attack that in principle compromised their passphrase.
Configure web proxies (or equivalent) to prevent access to phishing websites and updating as frequently as possible with the latest information of malicious websites.
Implement multi-factor authentication on internet-facing systems like cloud-based email accounts mitigates attacker access, even if they get hold of the passphrase.
Produce guidance for your third parties which provide services on your behalf. This encourages them to take action to secure their businesses, including implementing anti-malware, multi-factor authentication and training.
How can The Cyber Resilience Centre for the West Midlands help my business?
If you have found these tips useful, why not become a member of the WMCRC and receive regularly tips and tricks like this?
Businesses in the West Midlands can sign up for a free membership online and receive a welcome pack full of practical resources and tools that will help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats, designed to help you stay safer.
Take a look at our website for more information www.wmcrc.co.uk/membership.