Phishing & Advanced Persistent Threat (APT)
Type of Attack: Phishing & Advanced Persistent Threat (APT)
Company Size: 2,000 employees
A company suddenly realized that $700,000 had been moved out of their bank account in error. Additionally, they weren’t receiving payments from some customers. It turned out an attacker was intercepting payment emails and rerouting the money to their own account. They quickly realized they were under attack and that the attacker had been deeply embedded in the organization for many months, unbeknownst to the organization.
What We Did
A member of our elite cybersecurity team went “head to head” with the attacker in order to evict him. Due to insufficient logging information and the attacker’s ability to cover their tracks, we were unable to determine a specific initial point of entry, but it was likely either a phishing email or through poorly managed and vulnerable externally accessible servers.
The company was relying on a number of outdated systems and applications, many of which contain known vulnerabilities. An attacker can easily leverage these known vulnerabilities to gain access to the network.
In this situation, we were able to deliver what we call “reasonable containment.” The company’s systems were simply too outdated and improperly managed to be able to decisively deliver “full containment.” The attacker was evicted, and we were able to deliver reasonable containment. Blue Team Alpha also contacted the FBI in an attempt to recover the funds. However, the company waited too long to contact an incident response firm, and the FBI was unable to do so. The company has not had any additional cybersecurity issues in more than 12 months since following Blue Team Alpha’s remediation recommendations.
Relying on outdated servers and applications that contain known vulnerabilities increases your chances of becoming victim of an attack. It also makes it harder to fully remediate an attack, potentially leaving your company at risk for future threats. We recommend taking a proactive approach to cybersecurity to shore up your defenses before an attack occurs.