A couple of years ago we were contacted by a local business that we had never dealt with before. They wanted us to take a look at their IT systems because they had been the victims of a cyber attack.Â
Â
Sure, no problem.
So we visited their site and the story was simple – someone had changed the bank account details in their accounting package for their largest suppliers. So when automatic scheduled monthly payments were made, they did not go to the suppliers, but to a single account that was clearly controlled by whoever had made the changes.
The company did not have anybody managing their IT professionally, and the evidence and consequences of this quickly became apparent.
The most immediately obvious (and concerning) issue was the use of a USB drive. They ran their business using third party software. They suspected that one of the PCs in their accounts department had been hacked, so they had isolated it from the network (good). Unfortunately, on advice from their third-party software supplier, they had copied essential data from that PC, via a USB stick, to other PCs that were on their network. It simply did not occur to them that they could be spreading malware by doing this (and shame on the third-party supplier for their ‘advice’!)
What happened?
We conducted a forensic investigation and we found that there had indeed been a hack. However, it could have been stopped in its tracks had the most basic IT precautions been in place. This is what happened:
An email with an ‘invoice’ attachment was sent to the client’s generic email address, with the message ‘please forward to the accounts department’. The recipient forwarded it. First opportunity to avoid the hack missed.
4 people had access to the accounts@ email address. By chance only 1 person was in that day. She opened the email and attempted to download the attachment. Nothing happened, the attachment would not download. She thought no more about it and left the office at the normal time. Second opportunity to avoid the hack missed.
That evening, the hackers accessed the accounts dept PC remotely. The ‘invoice’ was in fact remote access software that had been installed when the lady in accounts attempted to download it. NB – had the principle of least privilege been applied to all PCs on the network, the software would likely not have been downloaded. Third opportunity to avoid the hack missed. Furthermore, the company did not have a commercial anti-virus software installed, again this would likely have detected the malware. Fourth opportunity to avoid the hack missed.
Since the PC had Administrative rights, the hackers then discovered they could access the server and the accountancy software package, neither of which were password protected. Fifth and sixth opportunities to avoid the hack missed.
The hackers spent just under an hour on the client’s systems, during which time they changed the bank account details for the largest suppliers. They then logged off and waited for the money to roll in, which it duly did at the end of the month.
So, the story shows how just the most basic of professional IT support can help to avoid cyber attacks. The above scenario would be avoided with a professional IT support company implementing the following:
- Basic user awareness training
- Principle of least privilege
- No administrative access for any staff
- Strong passwords implemented for all systems and software
- Two-factor authentication on critical systems eg Accounting software
- A professional anti-virus solution in place
So, the moral of the story is simple – ensure you have professional IT Support in place for your business and you will go a long way to improving your cyber security.Â
What happened in the end
If you’ve read this far you’re probably keen to know what happened. Well, we conducted a forensic cyber analysis and handed it to the police. With our evidence, they found and successfully prosecuted the hackers, and all but £9k of the funds stolen (which were in excess of £100k) was recovered. A happy ending in the circumstances, but I’m sure you would agree best to avoid it in the first place!
