Published 25. Aug. 2016
What to Do When Hacked?
The case company was a first-time customer and needed immediate help in understanding the mechanisms of an elaborate “fake president” e-mail fraud, which nearly cost them millions of Euros. It quickly became clear that the attackers were not only able to exploit the case company’s misconfigured e-mail system, but were also able to access internal information that was used for their e-mail scam.
Walking in the Criminal’s Shoes
For their penetration tests, Blue Frost Security takes the perspective of real attackers to identify all critical vulnerabilities. This resulted in the discovery of flaws in the e-mail system’s configuration, one of which allowed the hackers to send e-mails using the CEO’s name and e-mail address. Additionally, it was possible to break into the internal network in two different ways:
- By acting as a rogue Wi-Fi access point, it was possible to steal employees’ Wi-Fi and Windows domain credentials.
- By exploiting a vulnerability in one of their Internet-facing web applications hosted in their internal network.
Once inside the network, Blue Frost Security demonstrated how easy it is to gain the privileges of a Domain Administrator and thus take full control of the internal network. This in turn meant full access to the CEO’s laptop as well as all of the company’s world-wide databases.
A Long-Term Solution to Critical Vulnerabilities
The report delivered a detailed list of all vulnerabilities, ranked by criticality, with respective solutions. The issues were clarified both on an abstract and on a technical level. This helped the company effectively improve their IT-security (E-Mail, WiFi, Network Services, Windows Domain).
Additionally, the Blue Frost Security analyst formulated, together with the IT-staff, a long-term plan to further establish effective IT-security with meaningful priorities. All in all, the project has led to a remarkable increase in the staff’s awareness of the vulnerabilities that pose the real high-risk threats to corporations. The client company was satisfied, saying that the holistic approach to IT-security helped them understand and fix several critical infrastructure vulnerabilities that they were not even aware of before.
Blue Frost Security will be attending our DACH IndustryForum Cyber and Information Security event on the 31st of January 2016 and 1st of January 2017 in Germany.