Case Study: Keeping Centralized Data Safe

Background

A commercial enterprise used a common shared-drive network setup. Employees across many departments shared documents and saved them in one central location. This common practice of centralizing data was the primary catalyst for the attack on their network.

The Attack

Attackers used a typical phishing vector: a fake link that deployed malware when clicked. It only took one employee to be duped. When the link was clicked, it downloaded two strains of malware to the system. Downloaded software (including malware) would normally affect only the device it is downloaded to, but one of the strains was designed to find shared drives and spread across the network.

Circling back to the network design mentioned earlier, the shared drives were open to all employees with no segregation or encryption/password protection. This means Sales & Marketing could access shipping information and Manufacturing could access sales records. As a result of the network design, the malware was able to access all of these confidential and sensitive records. Once discovered, the event cost over $150,000 in legal, forensics, and recovery costs.

Prevention 

  • Unsolicited Emails: Avoid clicking links and opening attachments in unsolicited emails. Learn to identify phishing emails and similar deception-based attacks on the web.
  • Shared Drive: Having a shared drive is not an issue in and of itself; the issue is a shared drive without segregation, password protection, user privileges, and/or encryption.
  • Protect Information: Even if the above two techniques were not deployed, the organization would still have been protected had it put document protection in place for sensitive documents. Document protection includes such things as complex password protection or encryption.
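
As an added illustration (not part of the original case study), the script below audits an exported share ACL for the gap described above: grants open to all employees, grants that cross department lines, and the set of shares a single compromised account could reach. The share names, group names, and ACL entries are constructed assumptions, not data from the incident.

```python
from dataclasses import dataclass

# Principals that effectively mean "every employee" (names are assumptions).
BROAD = {"everyone", "authenticated users", "domain users", "all employees"}

@dataclass(frozen=True)
class Grant:
    share: str   # shared folder
    group: str   # group receiving access
    right: str   # "read" or "write"

# Constructed inventory: owning department per share, department per group.
SHARE_OWNER = {"Sales": "sales", "Shipping": "shipping", "Manufacturing": "mfg"}
GROUP_DEPT = {"grp-sales": "sales", "grp-shipping": "shipping", "grp-mfg": "mfg"}

# Constructed ACL export, not data from the incident.
SAMPLE_ACL = [
    Grant("Sales", "All Employees", "write"),
    Grant("Sales", "grp-mfg", "read"),
    Grant("Shipping", "grp-sales", "read"),
    Grant("Shipping", "grp-shipping", "write"),
    Grant("Manufacturing", "grp-mfg", "write"),
]

def audit(grants, share_owner=SHARE_OWNER, group_dept=GROUP_DEPT):
    """Return sorted (share, group, reason) findings for segregation gaps."""
    findings = []
    for g in grants:
        name = g.group.lower()
        owner = share_owner.get(g.share)
        if name in BROAD:
            findings.append((g.share, g.group, f"open to all ({g.right})"))
        elif owner is None or name not in group_dept:
            findings.append((g.share, g.group, "unmapped share or group"))
        elif group_dept[name] != owner:
            findings.append((g.share, g.group, f"cross-department ({g.right})"))
    return sorted(findings)

def blast_radius(group, grants):
    """Shares one compromised account in `group` can reach, with best right."""
    reach = {}
    for g in grants:
        if g.group.lower() in BROAD or g.group.lower() == group.lower():
            if g.right == "write" or g.share not in reach:
                reach[g.share] = g.right
    return dict(sorted(reach.items()))

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACL):
        print(*finding, sep=" | ")
    print(blast_radius("grp-sales", SAMPLE_ACL))
```

An empty result from `audit` means every grant stays inside the owning department; `blast_radius` shows how far one duped employee's account extends before segregation is tightened.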

Closing Thoughts

While this event was resolved before the attackers could successfully exfiltrate any sensitive information, imagine if just a little more time went by. The attacker might have decided to expose the organization’s proprietary information and publish the confidential data of the organization. Or what if the attacker took the banking information of the organization and siphoned funds from their accounts? They could have also taken intellectual property such as patent information or sales/marketing plans and sold it to a competitor of the firm. The possibilities are abundant. Remember, it was simple “human error” that caused this attack.


CONTACT JANUS ASSOCIATES 

Since 1988, JANUS has helped hundreds of government agencies, commercial entities, educational institutions, and not-for-profits protect their infrastructures, data, clients, and employees, and we have the references and testimonials to prove these claims. Our decade-long experience has allowed us to achieve deep expertise in every sector and specialty that exists, including yours. 

Contact Chris Kniffin, Corporate Director, to learn more about how a team of affordable professionals can help you secure your organization.
