This customer reached out to us when they suffered a considerable financial loss after falling victim to a spear-phishing attack.
The attacker was able to gain access to the email platform and monitor the email flow and exfiltrate contacts of our customer. The attacker had been lurking in their Office 365 for months, reading emails and learning about their processes and partners. Once they had gained the required knowledge, they launched their simple but effective attack. Posing as one of our customer’s partners, they sent a spoof email requesting their bank account details to be changed and for funds to be transferred into the new account. The email was sent to the correct employee and was a good imitation of how the partner’s emails usually look. Acting as instructed, the employee changed the account details and transferred the funds.
It was a few days later when the catastrophic error was realised. By this time, the funds had been transferred to international bank accounts.
There was a combination of factors that contributed to this event happening:
- Firstly, the attacker was able to break into their network and read emails without being noticed by compromising employees’ usernames and passwords.
- Secondly, the attacker gained unauthorised access to the employees’ email accounts as they did not have multi-factor authentication enabled.
- Thirdly, the attacker exfiltrated the employees’ contact lists, selected the customer’s partner and created spoofed emails pretending to be the partner. The employee did not recognise the signs that it was a spoofed email.
- Recover the financial loss
- Gain visibility of their cyber security risk posture
- Gain assurance that attackers did not still have access to their business systems
Simplify Security Support
- Proactive and expert advice on fund recovery
- Delivery of a comprehensive cyber security risk assessment at a business level
- Execution of comprehensive internal and external network penetration testing
- Delivery of a complete Microsoft Security Assessment
- Completion of a compromise assessment to evaluate the customer security posture and determine if breaches were still actively occurring
- Customer recovered most of the funds
- Customer received a simple to understand risk assessment report with pragmatic recommendations and an improvement roadmap to implement additional security controls and improve their cyber security posture
- Customer received pragmatic and trusted advice and implementation support
- Customer gained assurance that there was no active breach occurring in their business network
- Customer obtained further visibility of the technical security gaps from the network penetration testing, delivered both in easy-to-understand language for business stakeholders and as a technical report for the IT department
- Customer gained visibility of the gaps in Microsoft 365 with pragmatic recommendations and an improvement roadmap to implement additional security features
- Customer subscribed to one of our affordable monthly subscriptions: the security and compliance officer with 24×7 Managed Detection and Response and Threat Hunting expert service
Why Simplify Security?
Reliability you can trust
Let’s face it, Kiwis can be a bit laid back and that sometimes means companies not returning your calls, turning up on time or delivering on promises. Not us – we pride ourselves on reliability, dependability and integrity.
We all know there is a skills shortage in cyber security. Forget the stress of recruitment and retention by leveraging our highly skilled professionals. Just look at their accreditations - they know their stuff.
Employing a full-time cyber security professional is not an affordable option for most SMBs. We offer competitive, affordable and flexible subscriptions with no long-term restrictive contracts.
Artificial Intelligence (AI) and automation are at our core. We use the power of AI to predict and protect against known and unknown threats, to keep your business and interests safe.