Case Study

This customer reached out to us when they suffered a considerable financial loss after falling victim to a spear–phishing attack.

Book a Free Cyber Security Assessment

Our Partners

Introduction

The attacker was able to gain access to the email platform and monitor the email flow and exfiltrate contacts of our customer. The attacker had been lurking in their Office 365 for months, reading emails and learning about their processes and partners. Once they had gained the required knowledge, they launched their simple but effective attack. Posing as one of our customer’s partners, they sent a spoof email requesting their bank account details to be changed and for funds to be transferred into the new account. The email was sent to the correct employee and was a good imitation of how the partner’s emails usually look. Acting as instructed, the employee changed the account details and transferred the funds.

It was a few days later when the catastrophic error was realised. By this time, the funds were transferred to international bank accounts.

There was a combination of factors that contributed to this event happening:

Firstly, the attacker was able to break into their network and read emails without being noticed by compromising employee’s usernames and passwords.
Secondly, the attacker gained unauthorised access to the employee’s email accounts as they did not have multi-factor authentication enabled.
Thirdly, the attacker exfiltrated the employees’ contact lists, selected the customer’s partner and created spoofed emails pretending to be the partner. The employee did not recognise the signs that it was a spoofed email.

Customer’s Challenges

Recover the financial loss
Gain visibility of their cyber security risk posture
Gain assurance that attackers did not still have access to their business systems

Simplify Security Support

Proactive and expert advice on fund recovery
Delivery of a comprehensive cyber security risk assessment at a business level
Execution of comprehensive internal and external network penetration testing
Delivery of a complete Microsoft Security Assessment
Completion of a compromise assessment to evaluate the customer security posture and determine if breaches were still actively occurring

The results

Customer recovered most of the funds
Customer received a simple to understand risk assessment report with pragmatic recommendations and an improvement roadmap to implement additional security controls and improve their cyber security posture
Customer received pragmatic and trusted advice and implementation support
Customer gained assurance that there was no active breach occurring in their business network
Customer obtained further visibility of the technical security gaps from the network penetration testing; both in an easy to understand language for business stakeholders and a technical report for the IT department
Customer gained visibility of the gaps in Microsoft 365 with pragmatic recommendations and an improvement roadmap to implement additional security features
Customer subscribed to one of our affordable monthly subscriptions-the security and compliance officer with 24×7 Managed Detection and Response and Threat Hunting expert service

Why Simplify Security?

Reliability you can trust

Let’s face it, Kiwis can be a bit laid back and that sometimes means companies not returning your calls, turning up on time or delivering on promises. Not us – we pride ourselves on reliability, dependability and integrity.

Skilled staff

We all know there is a skills shortage in cyber security. Forget the stress of recruitment and retention by leveraging our highly skilled professionals. Just look at their accreditations - they know their stuff.

Cost-effective services

Employing a full time cyber security professional is not an affordable option for most SMBs. We offer competitive, affordablele and flexible subscriptions with no long term restrictive contracts.

Leading protection

Artificial Intelligence (AI) and automation are at our core. We use the power of AI to predict and protect against known and unknown threats, to keep your business and interests safe.

Blog

[Security Advisory] Active Exploitation of Unpatched VMware ESXi Servers

// Overview  Amaru's MDR is aware of an active ransomware campaign targeting unpatched VMware ESXi hosts facing the public internet. On February 3rd, 2023 the French National CERT first reported a threat actor campaign targeting VMware ESXi hypervisors with the aim of...

We are becoming Amaru

The name Simplify Security doesn’t capture our mission enough. And as a result, we’re rebranding to Amaru. Bigger mission, same vision, same values, same purpose. When I started this business in 2019, I wanted to help organisations grow better with more innovative,...

What is OSINT and what are the benefits?