The case company is a German world market leader in automation technology that was victimized by an e-mail scam. Blue Frost Security analyzed the case and discovered several critical vulnerabilities.
The case company was a first-time customer and needed immediate help in understanding the mechanisms of an elaborate “fake president” e-mail fraud, which nearly cost them millions of Euros. It quickly became clear that the attackers were not only able to exploit the case company’s misconfigured e-mail system, but were also able to access internal information that was used for their e-mail scam.
For their penetration tests, Blue Frost Security takes the perspective of real attackers to identify all critical vulnerabilities. This resulted in the discovery of the flaws in the e-mail system’s configuration. One of which allowed the hackers to send e-mails using the CEO’s name and e-mail address. Additionally, it was possible to break into the internal network in two different ways:
Then once inside the network, Blue Frost Security demonstrated how easy it is to gain the privileges of a Domain Administrator and thus take full control of the internal network. This further meant full access to the CEO’s laptop as well as all of the company’s world-wide databases.
The report delivered a detailed list of all vulnerabilities, ranked by criticality, with respective solutions. The issues were clarified both on an abstract and on a technical level. This helped the company effectively improve their IT-security (E-Mail, WiFi, Network Services, Windows Domain).
Additionally, the Analyst of Blue Frost Security formulated a long-term plan to further establish effective IT-security with meaningful priorities together with the IT-staff. All in all, the project has led to a remarkable increase in the staff’s awareness regarding those vulnerabilities that pose the real high risk threats to corporations. The client company was satisfied saying that the holistic approach to IT-security helped understand and fix several critical infrastructure vulnerabilities that they were not even aware of before.
Blue Frost Security will be attending our DACH IndustryForum Cyber and Information Security event on the 31st of January 2016 and 1st of January 2017 in Germany. For more on our upcoming events, visit the Event Calendar »
Get the Latest News
Events on This Topic
The most efficient working day. Insights and ideas from the stage and from a network of executives. The best solutions for your business challenges.
Meet executives with investment needs. Bring your solutions and insights to your most potential clients. 11 markets, 20 000 executives, guaranteed meetings.
Management Events brings together top-level executives and solution providers, providing high value to both parties. Our concept attracts 20 000 visionary leaders to our events in eleven countries, over 170 times a year. Management Events Surveys provides insights and trends for solution providers and executives, helping them gain deeper understanding of challenges and needs of the largest corporations.
Sorry but your browser screen is too small for this site.