It happens to the best of us: how would you detect a data breach?

IT News reports that last week an IT Manager at Collins Foods, operators of hundreds of KFC stores across the world, accidentally clicked on a malicious link in an email, allowing hackers to briefly take over his or her email account and issue fake invoices to contacts.

It’s an illustration of how quickly attackers can take advantage of a business email compromise and how careful we all need to be today.

Although the article doesn’t detail how the hack was discovered, it’s likely that some alert recipients of the fake invoices contacted the company.  This points to how important it is to alert your clients and suppliers of your information security practices as well.  Let them know who sends invoices, when invoices are sent, the format the email will take etc, so that invoices which arrive outside those parameters can be scrutinised more closely.  The same level of caution should be applied to any unexpected file attachment.

We wrote a blog back in 2016 arguing that attackers needed to take English writing courses because it would dramatically increase their success rates.  We’re glad to say that it hasn’t happened just yet but they’re certainly getting better.

Just last week a town planning firm with Sydney connections (not a Computer One client) was the victim of an attack where a compromised email address was used to send ransomware-containing zip files purporting to be part of a digital transformation drive.

One of the clients targeted in the attack spotted the phishing message and wrote back to the originating email address to clarify that the send was real, only to get an immediate reply from the attacker, who had complete control of the account.

“I sent this file its finance related and it is legitimate . We are sharing all our important legal document for 2018 to our important partners and contacts. Its protected from virus. We just need to verify your email address and correct password for secured authentication to be able to view documents securely online.

Thanks for confirming.”

You can see the grammatical mistakes, but they’re not as bad as they were, say, 2 years ago.  And the fact that this reply was received within 60 seconds of sending the challenge back to the sender shows how ready the attacker was to complete the ruse.

How would you spot an attack?  Do you have software tracing the movement of information on your network and flagging suspicious activities, or would you need a more human-based approach?  If so, have you alerted your clients and suppliers to your information security practices?  Do you have a breach response plan that you can roll out quickly in the event of a successful attack?  If not, please call us on 13200 667 871 or fill in the form on this page.  We can help you prepare.