What to Do When Hacked?

Cyber Security | Co-creation | Published 25. Aug. 16

Share with Your Professional Network

The case company is a German world market leader in automation technology that was victimized by an e-mail scam. Blue Frost Security analyzed the case and discovered several critical vulnerabilities.

binary-823331_960_720

Hacked!

The case company was a first-time customer and needed immediate help in understanding the mechanisms of an elaborate “fake president” e-mail fraud, which nearly cost them millions of Euros. It quickly became clear that the attackers were not only able to exploit the case company’s misconfigured e-mail system, but were also able to access internal information that was used for their e-mail scam.

Walking in the Criminal’s Shoes

For their penetration tests, Blue Frost Security takes the perspective of real attackers to identify all critical vulnerabilities. This resulted in the discovery of the flaws in the e-mail system’s configuration. One of which allowed the hackers to send e-mails using the CEO’s name and e-mail address. Additionally, it was possible to break into the internal network in two different ways:

  • By acting as a rogue Wi-Fi access point, it was possible to steal the employee’s Wi-Fi and Windows domain credentials.
  • By exploiting a vulnerability in one of their Internet-facing web applications hosted in their internal network.

Then once inside the network, Blue Frost Security demonstrated how easy it is to gain the privileges of a Domain Administrator and thus take full control of the internal network. This further meant full access to the CEO’s laptop as well as all of the company’s world-wide databases.

A Long-Term Solution to Critical Vulnerabilities

The report delivered a detailed list of all vulnerabilities, ranked by criticality, with respective solutions. The issues were clarified both on an abstract and on a technical level. This helped the company effectively improve their IT-security (E-Mail, WiFi, Network Services, Windows Domain).

Additionally, the Analyst of Blue Frost Security formulated a long-term plan to further establish effective IT-security with meaningful priorities together with the IT-staff. All in all, the project has led to a remarkable increase in the staff’s awareness regarding those vulnerabilities that pose the real high risk threats to corporations. The client company was satisfied saying that the holistic approach to IT-security helped understand and fix several critical infrastructure vulnerabilities that they were not even aware of before.


Blue Frost Security will be attending our DACH IndustryForum Cyber and Information Security event on the 31st of January 2016 and 1st of January 2017 in Germany. For more on our upcoming events, visit the Event Calendar »


The Most Efficient Working Day!

Invited Guests

The most efficient working day. Insights and ideas from the stage and from a network of executives. The best solutions for your business challenges.

Read more »

Solution Providers

Meet executives with investment needs. Bring your solutions and insights to your most potential clients. 11 markets, 20 000 executives, guaranteed meetings.

Read more »

Management Events brings together top-level executives and solution providers, providing high value to both parties. Our concept attracts 20 000 visionary leaders to our events in eleven countries, over 170 times a year. Management Events Surveys provides insights and trends for solution providers and executives, helping them gain deeper understanding of challenges and needs of the largest corporations.

Sorry but your browser screen is too small for this site.