IT Security: A customer case that shakes you up!
In recent months, reports of cyber attacks in Switzerland have continually appeared in the news. Prominent names such as Comparis, AMAG, Stadler Rail and also Messe Basel have appeared in connection with the attacks. Since the start of the Corona pandemic there has been an exponential rise in cyber attacks on companies. This was the case globally and therefore does not only apply to Switzerland. IT security is increasingly becoming the focus of companies' IT strategies.
According to an analysis by the Observer, there have been around 4 attacks on Swiss companies in Switzerland in the last five years. Of these, 800 recent attacks took place in the last 2 months. These figures cover only companies from which data was actually stolen and subsequently appeared on the dark web, i.e. the companies that did not respond to the ransom demands. The number of unreported attacks in Switzerland is therefore much higher. According to experts' estimates, around 700% of the affected companies respond to the ransom demands.
IT Security: Use case at our customer company XY
Facts:
The case concerns a company in the construction industry with around 65 employees, of whom around 10-15 work in the office. The situation began at the end of June, when the managing director went on vacation. After a few days, the CEO sent an email from his vacation to the finance department requesting a payment on account. The responsible employee contacted the managing director with a query. This was answered quickly by email, and as a result the payment on account was carried out. A few days later, a further request for payment was sent to the finance department. Since the matter was the same as with the first payment, it was processed quickly. The moment of shock came when the managing director returned from vacation.
What actually happened – redIT investigates as IT partner
After the cyber attack was detected, redIT was informed and brought on board. We investigated the case, reconstructed the whole thing and found out what actually happened:
The managing director went on vacation. From this point on, the attacker actively used his access to the managing director's mailbox. At the same time, a redirection was set up for all emails so that the managing director no longer received any emails. In this case, this meant that the original email with the request for a payment on account came from the attacker. The queries and all other emails went directly to the attacker or were intercepted by him. The managing director noticed nothing of the whole thing.
What made redIT suspicious was that the whole thing happened right at the beginning of the holidays. In addition, the emails were stylistically very close to the managing director's own style in terms of word choice and tone. So we dug deeper. It turned out that access to the account had not been gained during the holiday season, but already at the end of April. The first external logins were clearly made at that time. This means that the attacker had previously acquired knowledge of the managing director's writing style, his way of dealing with employees, etc.
After lengthy discussions and analysis, it turned out that a private password of the CEO had been leaked. Since he used the same password for several accounts, the business account was compromised as well.
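The two traces that gave the case away (sign-ins from a location the account had never used, followed by an inbox rule that diverts mail to an external address or silently deletes it) can be picked out of mailbox audit events automatically. The script below is an added example written for this article, not redIT's code: the events are constructed, the record layout is a simplified assumption (operation names and rule parameters follow Exchange Online naming, but this is not the real Microsoft 365 audit-log schema), and `example.ch` stands in for the customer's domain.

```python
"""Added example (not redIT's code): flag the account-takeover pattern from the
case above in mailbox audit events. Record layout is a simplified assumption."""

ORG_DOMAIN = "example.ch"  # assumption: the customer's mail domain

# Constructed sample events: a normal login in early April, then an unusual
# login at the end of April, then the rules that diverted mail in June.
EVENTS = [
    {"time": "2021-04-02T08:10:00", "user": "ceo@example.ch",
     "op": "UserLoggedIn", "country": "CH"},
    {"time": "2021-04-28T22:41:00", "user": "ceo@example.ch",
     "op": "UserLoggedIn", "country": "NG"},
    {"time": "2021-06-28T06:05:00", "user": "ceo@example.ch",
     "op": "New-InboxRule",
     "params": {"Name": "Backup", "RedirectTo": "ceo.backup@example-mail.net"}},
    {"time": "2021-06-28T06:07:00", "user": "ceo@example.ch",
     "op": "New-InboxRule",
     "params": {"Name": "Cleanup", "DeleteMessage": True,
                "SubjectContainsWords": "payment"}},
]


def is_external(address):
    """True when the address is outside the company's own domain."""
    return not address.lower().endswith("@" + ORG_DOMAIN)


def find_takeover_indicators(events, known_countries):
    """Return (time, user, reason) tuples that deserve a security review.

    known_countries maps a user to the set of countries that user normally
    signs in from; any other country counts as a first-time location.
    """
    findings = []
    seen = {user: set(countries) for user, countries in known_countries.items()}
    for ev in sorted(events, key=lambda e: e["time"]):
        user = ev["user"]
        if ev["op"] == "UserLoggedIn":
            if ev["country"] not in seen.setdefault(user, set()):
                findings.append((ev["time"], user,
                                 f"first sign-in from {ev['country']}"))
                seen[user].add(ev["country"])
        elif ev["op"] in ("New-InboxRule", "Set-InboxRule"):
            params = ev.get("params", {})
            for key in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"):
                if key in params and is_external(params[key]):
                    findings.append((ev["time"], user,
                                     f"inbox rule {key} external {params[key]}"))
            if params.get("DeleteMessage"):
                findings.append((ev["time"], user,
                                 "inbox rule silently deletes mail"))
    return findings
```

Run over real audit exports, the first-sign-in finding from April would have surfaced two months before the payment requests; the rule findings are the moment the diversion described above was set up.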
At this point: please think about what this looks like for you. How many accounts do you use the same password for?
We know it's very tempting to use the same password for different accounts. (Be it social media, Netflix, Telecom, health insurance, etc.)
“How can you approach the whole issue of IT security?”
You can protect yourself from such attacks! Basically, it is essential to think about IT security in the company as a whole. In a security assessment, every point where there are gaps or a need for action is analyzed.
Because IT security behaves like a chain: it is only as strong as its weakest link. In the above case, humans were the weakest link. In general, when we carry out a security assessment, we find that people and the infrastructure are usually the “weakest” links in the security chain.
When it comes to people, a proven method is to strengthen the link through training and security awareness measures. For this topic we offer security awareness training, which we carry out with our customers. The main aim of the training is to make employees aware of where the dangers lurk online: phishing, scams, viruses, trojans, social engineering, etc.
It should not be neglected to also train how to react correctly if something goes wrong; this too contributes to IT security in the company. If desired, targeted simulated phishing attacks can be carried out on your own employees in advance of the training. The phishing attack is then discussed in the training and it is analyzed who fell for it and why. After the training, simulated attacks on employees are carried out again in order to check the learning effect.
Phishing mail
You read an email and are suddenly confronted with another stressful situation.
Are the lights on in my car? – How do I drive home today if I have no battery left?
Impulsively, we check whether it really doesn't affect us. Once you click on the link, it has already happened, even though there are several signs that indicate it is a fake, i.e. a phishing email. If you look closely at the details, you can see that the sender address does not match the company domain. You also receive a warning from Microsoft that the sender is not verified. Typographical errors are often visible. Test with our product Phish threat whether your employees are fit to deal with abusive emails, so-called “phishing emails”.
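The warning signs listed above (sender domain not matching the company domain, a sender the mail system could not verify, replies steered elsewhere) can be checked from the message headers before anyone clicks. The checker below is an added example written for this article, not redIT's code and not the Phish threat product; the sample message is constructed around the "car lights" lure, and `ORG_DOMAIN` and `KNOWN_STAFF` are assumptions.

```python
"""Added example (not redIT's or Phish threat's code): header checks for the
phishing signs named in the text. Sample message and domains are constructed."""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.ch"  # assumption: the company's own mail domain
# assumption: display names employees would trust without a second look
KNOWN_STAFF = {"Facility Management", "Max Muster"}

# Constructed sample: the "lights on in your car" lure from the text, sent
# from a look-alike domain with failed sender authentication.
SAMPLE = """From: Facility Management <facility@example-ch.com>
Reply-To: parking-desk@example-relay.net
To: employee@example.ch
Subject: Lights on in your car - check the parking lot camera
Authentication-Results: mx.example.ch; spf=fail smtp.mailfrom=example-ch.com; dmarc=fail header.from=example-ch.com

Please check here: http://example-ch.com/parking
"""


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def phishing_indicators(raw_message):
    """Return human-readable reasons why this mail deserves suspicion."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []
    from_dom = domain_of(addr)
    # Sign 1: the sender address is not on the company domain.
    if from_dom != ORG_DOMAIN:
        reasons.append(f"sender domain {from_dom!r} is not the company domain")
        if name in KNOWN_STAFF:
            reasons.append(f"display name {name!r} impersonates internal staff")
    # Sign 2: answers would go somewhere other than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        reasons.append(f"replies go to {domain_of(reply)!r}, not the sender")
    # Sign 3: the receiving mail system could not verify the sender.
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            reasons.append(f"{check} check failed")
    return reasons
```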
“Why is the whole thing being approached this way?” – Explaining the need for IT security
There is a theory that says our brain consists of two systems:
- System 1: works very intuitively and automatically - we use it to think fast, for example when we drive a car or recall our age in a conversation.
- System 2: works in a problem-solving and focused manner - we use it to think slowly, for example when we solve a mathematical problem or fill out our tax return.
Because slow thinking requires conscious effort, System 2 is best activated when we have self-control, concentration, or focus. In situations where this is not the case, for example when we are tired or stressed, System 1 impulsively takes control and impairs our judgment.
Vulnerability management
But these are not the only dangers for companies. In our experience, a company's own IT infrastructure is often relatively poorly maintained. That's why, with vulnerability management, we go through your own infrastructure and applications and analyze where the vulnerabilities are located. In addition, potential dangers and entry points for attackers are identified. All of this is always done with the underlying goal of making life a little easier for employees.
Have you thought about how many printers your company uses? There may even be printers that were not purchased through your IT department and were put into operation “quickly”. Most printers have factory default passwords such as “admin” or “root” or other obvious number combinations.
If an attacker manages to gain access to such a printer, it is relatively easy for him to distribute malicious software via this printer, and just as easy to read everything that is printed and sell or publish it online. It is therefore important to remember that the more systems and applications are in use, the greater the risk that something will be forgotten. With our vulnerability management, we eliminate exactly such problems.
The former director of the FBI once said on the subject:
There are only two types of companies: those that have been hacked and those that are still being hacked.
Don't be one of them and take a look at our individual solutions for your IT security! – Contact Us or find out more about our IT security offering: