Friday, March 16, 2018

Office 365 and Cloud Security - Passwords

Office 365 is a great product, and the subscription model provides services and up-to-date software on an affordable monthly basis.  It, like other cloud services, has become the norm for a lot of businesses as internet speed approaches what used to be the standard for in-house LANs, 100 Mbps.

It is this connection speed that has allowed the "cloud" to become ubiquitous in today's business climate.  But the cloud is not some magical new device; it is actually a server owned by someone else, located somewhere else.  In the past it was imperative that we protect a business server from attack via strong passwords, firewalls and/or antivirus software.  Hackers were searching public IP addresses for Exchange, SQL and other servers to attack.  They still are, and Office 365 is a prime target.  Although the online services scan incoming email for malicious content, not all of it is stopped.  Users constantly receive phishing emails that try to trick them into giving up their login info by asking them to "verify" the account at a bogus link.

I have one client, to whom I provide accounting software/services, who uses Office 365 purchased by their in-house IT department.  He told me the phishing/spam seemed to increase when they switched to the online service.  They too had an account hacked in an attempt to steal money.

In the past month, 2 different clients of mine had their Office portal passwords compromised.  These were not obvious passwords either.  In one case the hacker worked silently and studied the email in the inbox, gleaning the firm's banker information and other data that could be used for financial gain.  The hacker then created inbox rules so that any incoming emails that contained information related to the banker's email address or contained words such as "wire transfer" were forwarded to a Gmail account and then deleted, so the compromised account holder wasn't aware of his actions.  The information gathered allowed the hacker to act on behalf of the compromised user for certain actions.  The hacker then attempted a wire transfer which the alert banker was suspicious of because the signature block was normal and it was not the standard operating procedure for the firm.

When I was contacted, we immediately changed her portal password and, upon analysis of the email, determined the origin of the IP address was Nigeria.  Changing the password stopped any further meddling by the hacker, but we still did not know about the rules the hacker had created.

The company also used an online recruiting firm to fill positions in the firm.  The hacker had created a rule to divert email from the recruiting agency to the Gmail account and then delete the email to hide his actions.  Next, the hacker requested a password reset which was forwarded to the Gmail account.  The password was changed thus allowing the attacker access to the firm's account with the recruiting firm.

This was discovered when an applicant contacted the firm about a position that was advertised online.  When the administrator attempted to log in the password did not work.  After multiple requests for a password reset the administrator discovered the password reset emails in her deleted items.  The hacker's reward was a charge to a credit card with funds diverted to the hacker.

In the second case, the compromised account was used to send spam email containing a link that delivered a malicious payload to anyone who clicked on it.  It was disguised as a Purchase Order needing approval.  In this attack, the hacker had created rules to delete any returned emails marked as "Undeliverable" to hide the fact that the account was being used to send spam.
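
Both incidents left the same trace: inbox rules that forward mail outside the firm and delete the original, or that silently delete mail matching telltale words. The check below is an added example, not part of the original post; it assumes each mailbox's rules have already been exported into dictionaries using the property names that Exchange Online's Get-InboxRule reports, and the domain, mailboxes and watch words are constructed for illustration.

```python
import re
INTERNAL_DOMAINS = {"example-firm.com"}  # assumption: the tenant's own mail domains
WATCH_WORDS = ("wire transfer", "undeliverable", "password")  # terms from the incidents
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
WORD_FIELDS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")

def external_targets(rule):
    """SMTP addresses the rule forwards/redirects to outside INTERNAL_DOMAINS."""
    found = []
    for field in FORWARD_FIELDS:
        for entry in rule.get(field) or []:
            m = ADDR_RE.search(entry)  # entries with no SMTP address are skipped
            if m and m.group(1).lower() not in INTERNAL_DOMAINS:
                found.append(m.group(0).lower())
    return found

def watched_words(rule):
    """Watch-list terms that appear in the rule's keyword conditions."""
    words = [w.lower() for f in WORD_FIELDS for w in rule.get(f) or []]
    return sorted({k for k in WATCH_WORDS for w in words if k in w})

def assess(rule):
    """Sorted finding tags for one rule; an empty list means nothing was flagged."""
    external, deletes = bool(external_targets(rule)), bool(rule.get("DeleteMessage"))
    checks = {
        "EXTERNAL_FORWARD": external,
        "FORWARD_THEN_DELETE": external and deletes,  # copy leaves, original vanishes
        "DELETE_ON_KEYWORD": deletes and bool(watched_words(rule)),  # hides bounces etc.
    }
    return sorted(tag for tag, hit in checks.items() if hit)

def audit(rules):
    """Map 'mailbox / rule name' to its tags, for flagged rules only."""
    return {f"{r['Mailbox']} / {r['Name']}": t for r in rules if (t := assess(r))}

# Constructed sample data shaped like exported inbox rules; no real mailboxes.
SAMPLE_RULES = [
    {"Mailbox": "partner@example-firm.com", "Name": ".", "DeleteMessage": True,
     "ForwardTo": ['"drop" [SMTP:drop@external.example]'],
     "SubjectOrBodyContainsWords": ["wire transfer"]},
    {"Mailbox": "sales@example-firm.com", "Name": "..", "DeleteMessage": True,
     "SubjectContainsWords": ["Undeliverable"]},
    {"Mailbox": "admin@example-firm.com", "Name": "PA", "ForwardTo": ["pa@example-firm.com"]},
]

if __name__ == "__main__":
    for key, tags in audit(SAMPLE_RULES).items():
        print(key, "->", ", ".join(tags))
```

A rule flagged here is a reason to review the mailbox with its owner, since changing the password alone does not remove rules that are already in place.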

Solutions:

Since the attack, we have changed all passwords at the first client using passwords generated by Microsoft and reimplemented the policy of changing passwords every 90 days.

I hear a lot of complaints about having to use/change passwords but in today's online environment it is imperative that you use strong passwords, change them periodically and do not use the same password for everything.  If you have your email account hacked, I know you do not want to run the risk your banking account is now vulnerable.

If you have a lot of passwords and find the task too frustrating to maintain, consider a password manager such as Dashlane or LastPass to help.  For an annual fee, you will only have to remember 1 password, the master password to the password manager itself.  Below is a link to an article about the best password managers for 2018.

https://www.tomsguide.com/us/best-password-managers,review-3785.html


Crypto-currency News

Oh man! Crypto-currencies are continuing to tank. Be careful trying to catch a falling knife. I'm looking to get back in; it's hard to get into Ripple XRP, in my experience.

https://www.cnbc.com/2018/03/15/bitcoin-price-over-60-billion-wiped-off-value-of-cryptocurrencies.html

https://www.politico.com/magazine/story/2018/03/09/bitcoin-mining-energy-prices-smalltown-feature-217230

https://www.msn.com/en-gb/news/world/a-new-york-town-just-placed-a-moratorium-on-crypto-mining/ar-BBKiZdv


New Intel Gen 7 & Gen 8 computers!

Cloud PBX services
