Implementation of advanced threat protection helps supplier recover from phishing attack and strengthen security posture.
A leading South African supplier to the logistics sector discovered that it was the victim of a malicious phishing and scamming attack that compromised their systems and resulted in fraudulent emails and invoices being sent out to contacts from the mailbox of a senior employee, and turned to Braintree, the consulting and integration division of Vox, for assistance.
The matter was only brought to the organisation’s attention when a recipient of one of these fraudulent emails questioned its authenticity, highlighting the need for the ability to detect and mitigate such phishing attacks as soon as they occur, in order to protect against reputational damage, data loss, or even financial loss.
And increasingly, legislation being put in place worldwide to protect data privacy, such as the General Data Protection Regulation (GDPR) in the European Union, holds organisations accountable if customer information is lost or misused as a result of poor data management and protection practices.
“Cybercrime has turned into big, organised business, with small and medium corporates high on their list of targets as these organisations often do not give security the same level of consideration as larger companies, who might have entire teams dedicated to take care of their security. Data in fact shows that 58% of breaches take place at smaller organisations, and the average cost per breach is US$120 000.
Though there has been a long-standing misconception that only the enterprises are at risk from cybercrime, this is changing and more small businesses are getting serious about security,” says Chris Badenhorst, Strategic Head for Azure at Braintree.
These smaller organisations often operate in a hybrid environment, with some of their functions in the cloud, and the rest on premise – where the biggest threat is presently. Turning to a partner like Braintree provided the affected customer with access to some of the leading, certified security consultants in the industry, who are able to combine software with global best practices and local industry expertise. The solution was not to just sell a product, but to provide a full range of software and hardware recommendations to ensure that the customer can significantly improve their security score.
Remote and on-premise assistance
The successful attack happened despite their efforts to protect their environment, with a malicious Outlook Rules Exploit that originated from an usual phishing method: targets receive emails from people who are their contacts or known organisations, that include links. When the link is clicked on, they are taken to a fake Office 365 login page aimed at stealing their details, and adding Outlook rules that forward the target’s emails – usually those that are financial in nature – to the hackers. Emails may also be sent to the target’s contacts in order to spread the malware further.
Following an audit of their existing software, it was recommended that they migrate to using Microsoft 365 Business Premium, which provides them with advanced identity, security and device management features. While the licenses for users were set up remotely, a managed IT services team from Braintree was sent out to the customer in order to roll out Microsoft Defender for Office 365, which helps protect against threats that come via email attachments and links, as well as ransomware, malware and zero-day threats.
“The managed IT team then carried out deep scans of PCs and laptops – while unplugged from the broader network – at the customer premises in order to remove the malware within the course of an afternoon. Following this they began applying upgraded security policies to protect the businesses information on mobile devices, using Microsoft InTune,” says Badenhorst.
The time taken to recover from cyber attacks is largely dependent on the nature of the attack and its severity. This particular customer was fortunate in that the malware was discovered before it could cause more severe harm. Servers that are held captive by ransomware, where even a company’s backups might still carry the malware, can take much longer to resolve.
Braintree also helped set up Azure Information Protection, which provides the customer with data loss protection (DLP) features, including the ability to better track, manage and protect their emails, documents and other confidential information shared with people from outside the organisation.
“All these improvements means that both Braintree and the customer are immediately alerted if there is either a breach, or if there is an attempt to send sensitive information via email to external parties. What we have put in place will ensure that the business is taking a more proactive approach to mitigating risks and improving their security score,” says Badenhorst.