IT Security: A customer case that will wake you up!
In recent months, there have been constant reports in the news about cyberattacks in Switzerland. In connection with these attacks, prominent names such as Comparis, AMAG, Stadler Rail and also Messe Basel have surfaced. Since the onset of the coronavirus pandemic, there has been an exponential increase in cyberattacks on businesses. This has been the case globally and is therefore not unique to Switzerland. IT security is increasingly becoming the focus of companies’ IT strategy.
According to an analysis by the Observer, there have been around 4,800 attacks on Swiss companies in the last five years. Of these, 2,700 attacks occurred in the last 12 months alone. These figures cover only companies where data was actually stolen and subsequently surfaced on the darknet, i.e. the companies that did not respond to the ransom demands. The number of unreported attacks in Switzerland is accordingly much higher. According to experts’ estimates, about 40% of the affected companies respond to the ransom demands.
IT Security: Use case at our customer company XY
The case concerns a company in the construction industry with about 65 employees, of which about 10-15 are office staff. The situation started at the end of June, when the managing director went on vacation. After a few days, the CEO sent an email from his vacation to the finance department asking for a payment on account. The responsible employee contacted the managing director with a query. This was quickly answered by mail, and as a result the payment on account was executed. A few days later, another request for payment was sent to the finance department. Since the matter was the same as the first payment, it was handled swiftly. The shock came when the managing director returned from vacation.
What actually happened – redIT in demand as IT partner
After the cyberattack was detected, redIT was informed and brought on board. We got to the bottom of the case, reconstructed the whole sequence of events and found out what had actually happened:
The managing director went on vacation. From this point on, the attacker had access to the CEO’s mailbox. At the same time, a redirect rule for all incoming mail was set up, so that the managing director no longer received any mail at all. In this case, it meant that the original mail requesting the payment on account came from the attacker. The employee’s queries and all further mails landed directly with the attacker or were intercepted by him. The managing director was completely unaware of the whole thing.
What made redIT suspicious was that it all happened right at the beginning of the vacation. In addition, the e-mails were very close to the managing director’s style in terms of wording, choice of words and tone of voice. Therefore, we dug even deeper. It turned out that access to the account had not been obtained during the vacation season, but already at the end of April: the first sign-ins from outside were recorded at that time. This means that the attacker had acquired knowledge of the CEO’s writing style, his way of dealing with employees, etc. well in advance.
After lengthy discussions and analysis, it emerged that a private password of the CEO had been leaked. Since he used the same password on several accounts, the business account was also successfully compromised.
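As an added illustration (not part of redIT’s case write-up), the following script shows the kind of check a defender could run over mailbox audit records to catch the two signals in this case early: an inbox rule that redirects or forwards mail to an external address (and hides the trail by deleting it), and sign-ins from outside the company’s usual country. The log format, field names, domains and addresses are constructed assumptions for the example.

```python
import json

# Constructed sample of mailbox audit events (not real data). The field names
# are an assumption, loosely modelled on a generic mailbox audit export.
SAMPLE_LOG = """
{"time": "2021-04-28T21:14:03Z", "user": "ceo@example.ch", "op": "UserLoggedIn", "ip": "203.0.113.45", "country": "XX"}
{"time": "2021-04-28T21:20:11Z", "user": "ceo@example.ch", "op": "New-InboxRule", "rule": {"name": "all mail", "redirect_to": ["mail@attacker.example"], "delete": true}}
{"time": "2021-05-03T07:02:55Z", "user": "ceo@example.ch", "op": "UserLoggedIn", "ip": "198.51.100.7", "country": "CH"}
{"time": "2021-06-29T08:41:10Z", "user": "finance@example.ch", "op": "New-InboxRule", "rule": {"name": "Invoices", "move_to": "Invoices"}}
"""

INTERNAL_DOMAINS = {"example.ch"}   # assumption: the company's own mail domain
EXPECTED_COUNTRIES = {"CH"}         # assumption: where staff normally sign in from


def external(address):
    """True if the address belongs to a domain outside the company."""
    return address.split("@")[-1].lower() not in INTERNAL_DOMAINS


def flag_event(ev):
    """Return a list of human-readable findings for one audit event."""
    findings = []
    if ev["op"] == "UserLoggedIn" and ev.get("country") not in EXPECTED_COUNTRIES:
        findings.append(f"sign-in from unexpected country {ev.get('country')} ({ev['ip']})")
    if ev["op"] in ("New-InboxRule", "Set-InboxRule"):
        rule = ev["rule"]
        targets = rule.get("redirect_to", []) + rule.get("forward_to", [])
        ext = [t for t in targets if external(t)]
        if ext:
            findings.append(f"rule '{rule['name']}' sends mail to external {ext}")
        if rule.get("delete"):
            findings.append(f"rule '{rule['name']}' deletes messages")
    return findings


def scan(log_text):
    """Parse JSON lines and return (time, user, finding) tuples in log order."""
    out = []
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        for f in flag_event(ev):
            out.append((ev["time"], ev["user"], f))
    return out


if __name__ == "__main__":
    for t, u, f in scan(SAMPLE_LOG):
        print(t, u, f)
```

The earliest finding dates from April, weeks before the vacation, which is exactly the timeline the investigation reconstructed.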
At this point, please think about how this looks for you. How many accounts do you use the same password for?
We know that it is very tempting to use the same password for different accounts (be it social media, Netflix, telecom, health insurance, etc.).
«How can you address the whole IT security issue?»
You can protect yourself from such attacks! Fundamentally, it is essential to think about IT security across the entire company. During a security assessment, every point where gaps exist or where there is a need for action is analyzed.
IT security behaves like a chain: it is only as strong as its weakest link. In the above case, the human was the weakest link. When we perform a security assessment, the usual finding is that the human as well as the infrastructure are the “weakest” links in the security chain.
When it comes to people, a proven method is to strengthen the link through education and security training. For this we offer security awareness trainings, which we conduct with our customers. The training sessions are mainly about making employees aware of where the dangers lurk on the Net, such as phishing, scams, viruses, trojans, social engineering, etc.
Not to be forgotten is training how to react properly when something does go wrong, which in turn contributes to the company’s IT security. If desired, the training courses can be preceded by targeted simulated phishing attacks on the company’s own employees. This phishing attack is then addressed in the training and it is analyzed where people fell for it. After the training, simulated attacks on the employees are carried out again in order to check the learning effect.
You read an email and suddenly you are confronted with another stressful situation.
Is the light on my car on? – How do I drive home today when I have no battery left?
Impulsively, we check whether it really does not concern us. Once you click on the link, it has happened, although there are several signs that indicate it is a “fake” or phishing mail. If you pay close attention to the details, you can see that the sender address does not correspond to the company domain. You also receive a warning from Microsoft that the sender is not verified. Moreover, spelling errors are often evident. Use our Phish Threat product to test whether your employees are fit to deal with abusive mails, so-called “phishing mails”.
«Why is it being approached this way?» – Explaining the need for IT security
There is a theory which says that our brain consists of two systems:
- System 1: Works very intuitively and automatically – we rely on it, for example, when we drive a car or remember our age in conversation.
- System 2: Works in a problem-solving and focused way – we use it to think slowly, for example, when calculating a math problem or filling out our tax return.
Since slow thinking requires conscious effort, System 2 is best activated when we have self-control and are concentrated or focused. In situations where this is not the case, for example when we feel tired or stressed, System 1 impulsively takes control and impairs our judgment.
Vulnerability Management
But these are not the only dangers for companies. In our experience, the IT infrastructure is often relatively poorly maintained. That’s why vulnerability management involves looking at your own infrastructure and applications and analyzing where the vulnerabilities in them are. In addition, the potential threats and entry points for attackers are identified. The whole thing is always done with the underlying aim of making life a little easier for employees.
Think about how many printers are in use in your company. There may even be printers that were not purchased through your IT department and were put into operation “quickly”. Most printers ship with factory default passwords like “admin” or “root” or other obvious number combinations.
If an attacker manages to gain access to such a printer, it is relatively easy for him to distribute malware via this printer, and just as easy to read everything that is printed and sell or publish it on the web. Therefore, it is also important to keep in mind that the more systems and applications are in use, the greater the risk that something will be forgotten. With our vulnerability management, we eliminate precisely such problems.
The former director of the FBI once said on the subject:
There are only two types of companies: those that have been hacked and those that will be hacked.
Don’t be one of them and take a look at our individual solutions for your IT security! – Contact us or learn more about our IT security offering: