This series delves into real-life cybersecurity incidents encountered by small businesses that never imagined they’d be targeted. We uncover the specific methods by which breaches occurred, what resulting consequences the business faced, and most importantly, what small to medium-sized organizations can do to better safeguard against substantial losses. Our first story is about Wire Fraud.
What Happened
A malicious attacker gained access to the CEO’s email account. The attacker then sent an email to the finance department requesting a wire transfer of over $20,000. The employee who made the fraudulent transfer tried to verify the authenticity of the request to some extent, but still transferred the funds to the attacker, resulting in the business losing a significant amount of money.
Why It Happened
Process
It’s impossible to verify the authenticity of a request solely over email, because the email account itself can be compromised. Credentials can be compromised in several ways, including third-party service breaches, password reuse, password sharing, phishing, and social engineering. That’s why this organization had a phone verification process in place for high-risk requests like wire transfers. Unfortunately, while the finance department was initially suspicious of the request, the threat actor still convinced the employee that the CEO was unavailable to take a call, largely because the attacker closely mimicked the CEO’s style and tone.
Even if you have a documented, secure verification process, your organization is still susceptible to a breach if that process is not ALWAYS followed. This is especially true for those in finance, leadership, or C-level roles.
Technology
Why was this breach not detected before the funds were wired? Because the email account was compromised, the platform’s baseline security features had nothing to flag. Microsoft Defender would not have mitigated the threat, since the attacker signed in with legitimate credentials and multi-factor authentication was not enabled.
How It Could Have Been Prevented
Communication Protocols
Establishing strict communication protocols is a necessity, not a suggestion. Educating staff to verify critical requests through a separate, secure channel, such as a phone call, adds an essential layer of protection. In this example, the finance team member did try to verify the wire transfer request, but did so through the compromised email account itself, where the CEO’s identity could not be confirmed.
Security Awareness Training
The most effective protection against attacks like these isn’t technology – it’s educating your staff on what an attack looks like and how to keep the company safe when they see something suspicious. Your users are the first line of defense and, naturally, the easiest targets. Security awareness training platforms like KnowBe4 can help by offering both guided user training and frequent testing through simulated email phishing attacks.
Advanced Detection Software
Traditional security tools have limitations, but advanced solutions like WingSwept’s Managed Threat Detection for Microsoft 365 can identify unusual activity, such as logins from unfamiliar IP addresses. A detection like that triggers a verification process with the account owner, heading off the threat before a fraudulent request is acted on.
In the event of a business email compromise, Managed Threat Detection for Microsoft 365 also provides the protective layer of a 24/7 Security Operations Center, which reviews any detections and takes quick action to mitigate the compromise. It also gives insight into crucial details, including how access was gained and whether the threat actors’ access was successfully severed from your email.
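As an added illustration of the unfamiliar-IP detection described above (example code written for this article, not WingSwept’s product or Microsoft’s), the script below builds a per-user baseline of sign-in addresses from constructed sign-in records and flags successful logins from outside that baseline, rating those made without MFA highest. The record fields (user, ip, mfa, success) are an assumed simplification of Entra ID sign-in log fields.

```python
# Added example (not WingSwept's or Microsoft's code). Records use an assumed
# simplification of Entra ID sign-in log fields: user, ip, mfa, success.
from collections import Counter, defaultdict
from ipaddress import ip_address

# Constructed history window (documentation-range addresses, not real data):
# each user signs in from the office address; one failed attempt elsewhere.
HISTORY = [
    {"user": "ceo@example.com", "ip": "203.0.113.10", "mfa": False, "success": True},
    {"user": "ceo@example.com", "ip": "203.0.113.10", "mfa": False, "success": True},
    {"user": "finance@example.com", "ip": "203.0.113.10", "mfa": True, "success": True},
    {"user": "finance@example.com", "ip": "203.0.113.10", "mfa": True, "success": True},
    {"user": "ceo@example.com", "ip": "198.51.100.7", "mfa": False, "success": False},
]

# Constructed new events: the CEO from the office, then the CEO from an address
# never seen before and without MFA, the pattern behind the compromise above.
NEW_EVENTS = [
    {"user": "ceo@example.com", "ip": "203.0.113.10", "mfa": False, "success": True},
    {"user": "ceo@example.com", "ip": "192.0.2.44", "mfa": False, "success": True},
    {"user": "finance@example.com", "ip": "198.51.100.7", "mfa": True, "success": True},
]

def build_baseline(events, min_successes=2):
    """Per user, the set of IPs with at least min_successes successful sign-ins.
    Failed attempts never count, so an address that is merely tried often
    (password spraying) cannot become 'familiar'."""
    seen = defaultdict(Counter)
    for e in events:
        if e["success"]:
            seen[e["user"]][ip_address(e["ip"])] += 1
    return {u: {ip for ip, n in c.items() if n >= min_successes} for u, c in seen.items()}

def unusual_logins(events, baseline):
    """One alert per successful sign-in from outside the user's baseline.
    No MFA on the session rates high: with a valid password and no second
    factor, this login anomaly is the only signal before money moves."""
    alerts = []
    for e in events:
        if not e["success"] or ip_address(e["ip"]) in baseline.get(e["user"], set()):
            continue
        alerts.append({"user": e["user"], "ip": e["ip"],
                       "severity": "high" if not e["mfa"] else "medium"})
    return alerts

if __name__ == "__main__":
    for a in unusual_logins(NEW_EVENTS, build_baseline(HISTORY)):
        print(f"[{a['severity']}] {a['user']} signed in from unfamiliar IP {a['ip']}")
```

In a real deployment the baseline would be rebuilt from a rolling window of exported sign-in logs, and a high-severity alert would be routed to whoever performs the out-of-band phone verification.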
Key Insights
Most people with a fence around their house still lock their doors; the fence is just an added layer of protection. The same is true with networks – perimeter defense is important, but no single piece of software or equipment can stop every attack. Well-designed networks include several layers of security, such as stringent password policies, firewalls, and multi-factor authentication, in combination with user-centric training and protocols.
This article marks the beginning of our unwavering commitment to unraveling cybersecurity incidents. We are dedicated to equipping businesses with essential knowledge and effective strategies to confidently navigate the digital landscape. Join us on this enlightening journey as we delve into diverse incidents, unravel their intricacies, and empower you with the tools to fortify your defenses against the ever-evolving threat landscape.