The Anatomy Of A $15 Million Cyber Heist On A US Company

Experienced fraudsters made off with $15 million from a U.S. company after carefully running an email compromise that took about two months to complete.

The cybercriminal executed their plan with surgical precision after gaining access to email conversations about a commercial transaction. They inserted themselves in the exchange to divert the payment and were able to keep the theft hidden long enough to get the money.

Although researchers investigated events at a single victim, they found clues indicating that dozens of businesses in construction, retail, finance, and legal sectors are on their list of targets.

Phase 1 – man in the email

After the actor decided on a target, they spent about two weeks trying to access email accounts. Once in, they devoted another week collecting information from the victim’s mailbox and identifying an opportunity.

Ariel Parnes, Chief Engineering Officer at Mitiga, the company investigating the incident, told BleepingComputer that their researchers did not find malware on the victim systems, pointing to email login compromise.

Email access was not enough, though, Parnes told us. Since the actor could lose that at any moment, they created email forwarding rules to get the messages from the monitored email inbox.

By also using the Microsoft Office 365 email service for domains impersonating the two parties involved in the transaction, the cybercriminals would be able to continue the attack.

Mitiga says that the threat actor delivered emails using an Office 365 account to reduce suspicion and evade detection. They also registered domains via a GoDaddy registrar (Wild West Domains) that were similar to those used by legitimate businesses (many of them in the U.S.).

These details allowed Mitiga to establish a pattern and discover more than 150 of these rogue domains, revealing the larger activity of the cybercriminal group.

For four weeks, the attacker carefully progressed with their plan using information gathered from the compromised inboxes of senior executives. They took over the conversation using the fake domains at the opportune moment to provide altered details for the money transfer.


Phase 2 – securing the loot

It was not the end of it, though. Banks can lock a transaction when money goes to the wrong account, and the error is flagged in time. The threat actor was well aware of this detail and had prepared for this phase.

To conceal the theft until they had moved the money to foreign banks, where it would be lost for good, the attacker used inbox filtering rules to move messages from specific email addresses to a hidden folder.

It was a move that kept the legitimate inbox owner unaware of communication about the money transfer. It lasted for about two weeks, Mitiga says, sufficient for the actor to make the $15 million disappear.

Mitiga’s role in this incident was to investigate what happened after the victim company realized that they lost the money to cybercriminals. The researchers are helping the FBI’s and the U.S. Secret Service’s efforts to track the attacker.

Organizations can strengthen their defenses against this type of attack by following a simple set of recommendations which include, among others, enabling two-factor authentication in Office 365 and preventing email forwarding to external addresses.

Additionally, Mitiga recommends the following:

  • Enforce Office 365 password updates
  • Consider blocking email auto-forwarding to make it harder for cybercriminals to steal your information
  • Search for hidden folders within inboxes
  • Block legacy email protocols, such as POP, IMAP, and SMTP, that can be used to circumvent multi-factor authentication
  • Ensure changes to mailbox login and settings are logged and retained for 90 days
  • Enable alerts for suspicious activity, such as foreign logins, and analyze server logs for anomalous email access
  • Consider subscribing to a domain management service
  • Increase awareness and review controls for wire transactions (phone authentication in addition to email, as well as verify signatures and accounts)
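
As an added illustration (not code from Mitiga or from the original article), the sketch below audits exported inbox rules for the two rule abuses described above: forwarding to external addresses, and rules that move mail from specific senders into a folder nobody reviews. The export field names, the domains and the folder allowlist are assumptions made for the example.

```python
"""Audit exported inbox rules for external forwarding and sender-hiding rules."""

INTERNAL_DOMAINS = {"victim.example"}           # assumption: the organisation's own domains
APPROVED_FOLDERS = {"Newsletters", "Invoices"}  # assumption: folders reviewers expect rules to use

# Constructed sample data; the field names are an assumed export format, not a real API schema.
RULES = [
    {"mailbox": "cfo@victim.example", "name": "News", "forward_to": [],
     "move_to_folder": "Newsletters", "from": ["digest@vendor.example"]},
    {"mailbox": "cfo@victim.example", "name": ".", "forward_to": ["collector@mailbox.example"],
     "move_to_folder": None, "from": []},
    {"mailbox": "cfo@victim.example", "name": "..", "forward_to": [],
     "move_to_folder": "Misc", "from": ["treasury@bank.example", "ap@partner.example"]},
    {"mailbox": "ceo@victim.example", "name": "To assistant", "forward_to": ["pa@victim.example"],
     "move_to_folder": None, "from": []},
]


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def audit_rule(rule):
    """Return a list of finding strings for one rule (empty list = nothing flagged)."""
    findings = []
    # Forwarding is only suspicious here when it leaves the organisation.
    external = [a for a in rule.get("forward_to") or []
                if domain_of(a) not in INTERNAL_DOMAINS]
    if external:
        findings.append("external-forward: " + ", ".join(sorted(external)))
    # A move rule keyed on specific senders into an unreviewed folder hides those senders.
    folder = rule.get("move_to_folder")
    senders = rule.get("from") or []
    if folder and senders and folder not in APPROVED_FOLDERS:
        findings.append(f"sender-hiding: {len(senders)} sender(s) -> {folder!r}")
    return findings


def audit(rules):
    """Map (mailbox, rule name) -> findings for every rule that was flagged."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[(rule["mailbox"], rule["name"])] = findings
    return report


if __name__ == "__main__":
    for (mailbox, name), findings in audit(RULES).items():
        print(mailbox, repr(name), findings)
```

Internal forwarding and rules that file mail into approved folders pass unflagged, so the output is limited to rules a reviewer should confirm with the mailbox owner.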

