In recent weeks, one of our clients, a local Uttoxeter company, alerted INFINITY to a potentially severe phishing attack. They were involved in a ‘man in the middle’ attack.
Here’s what happened:
1. Our client’s customer was hacked
2. Hacker accessed the customer’s Office 365 account and sent emails to our client
3. Hacker successfully breached our client and accessed their Office 365 account
4. Hacker sent emails from our client to the customer (deleting the trail)
Our client became aware of the attack upon chasing payment from their customer, who insisted they had made the payment (a huge SIX figure sum). Fortunately, this payment was caught in time and stopped, and INFINITY were alerted right away.
Upon investigation, INFINITY recovered deleted emails and could see that the hacker had sent updated payment details via one of their email addresses and subsequently confirmed it was a legitimate email when questioned by the customer.
Nigel Briden, Operations Director, said, “When we alerted INFINITY they were onsite within 20 minutes and truly acted like a forensics team to get to the bottom of the situation.”
Steps taken for resolution and future protection:
– All passwords changed with immediate effect
– Enabled and installed Multi-Factor Authentication on all users’ devices – MFA requires the user’s mobile device to confirm identity before allowing access to the Microsoft Office 365 account (this is something that INFINITY have recommended in the past and do recommend for most businesses)
– Locked down Office 365 access so that it is only available via the BRIT PLANT public IP address (where there is no MFA)
– Ran an additional in-depth health check to ensure all areas of the business were secure
– Provided onsite user training – educating your users should be a top priority when protecting your business
It’s often a misconception that anti-virus / anti-malware software provides complete protection. Whilst it is important to have anti-virus software in place, it is often not able to pick up on this type of attack. INFINITY recommend Multi-Factor Authentication to most businesses and although you do not have to take on board all recommendations, we hope that this case highlights the importance of MFA and allows you to make an informed decision. Another useful practice is to state in your email signature that updated bank details will never be shared via email.
Nigel went on to comment, “This has been a huge learning curve for myself and all of the team. We now realise the importance and urgency of implementing recommendations from our IT supplier. You don’t expect this to happen in a small business that has a good infrastructure in place, and this incident highlights that any business can be a target, large or small, so you must take all of the necessary steps to prevent these types of attacks.”
Thank you to Nigel for allowing INFINITY to share this story. We hope that this will highlight the importance of implementing MFA, educating your users and protecting not only your business, but your customers too.
Please note: No other customers were affected by this phishing attack.