Background
A commercial enterprise had a common, shared drive-type of network setup. Documents were shared by a multitude of employees throughout different departments and saved in a centralized manner. This common practice of centralizing data was the primary catalyst for the attack on their network.
The Attack
Attackers utilized a typical phishing vector, including a fake link, which when clicked deployed malware. It only took one employee to be duped. When this fake link was clicked, it downloaded two strains of malware to the system. While downloaded software (including malware) would normally just affect the device it is downloaded to, one of the strains of malware was designed to find shared drives and spread across the network.
Circling back to the network design mentioned earlier, the shared drives were open to all employees with no segregation or encryption/password protection. This means Sales & Marketing could access shipping information and Manufacturing could access sales records. As a result of the network design, the malware was able to access all of these confidential and sensitive records. Once discovered, the event cost over $150,000 in legal, forensics, and recovery costs.
Prevention
Closing Thoughts
While this event was resolved before the attackers could successfully exfiltrate any sensitive information, imagine if just a little more time went by. The attacker might have decided to expose the organization’s proprietary information and publish the confidential data of the organization. Or what if the attacker took the banking information of the organization and siphoned funds from their accounts? They could have also taken intellectual property such as patent information or sales /marketing plans and sold it to a competitor of the firm. The possibilities are abundant. Remember, it was a simple “human error” that caused this attack.
Since 1988, JANUS has helped hundreds of government agencies, commercial entities, educational institutions, and not-for-profits protect their infrastructures, data, clients, and employees, and we have the references and testimonials to prove these claims. Our decade-long experience has allowed us to achieve deep expertise in every sector and specialty that exists, including yours.
Contact Chris Kniffin, Corporate Director, to learn more about how a team of affordable professionals can help you secure your organization.