The CIO Blog | CrucialLogics

How the Hackers Stole Christmas

Written by Amol Joshi | Feb 17, 2021 9:38:47 PM

Since the COVID-19 pandemic began, most of our business activities have been conducted remotely online, giving hackers more weaknesses to exploit. In the first few months of the pandemic, the FBI reported a staggering 300% rise in daily cybercrime complaints. 

In our latest webinar, How the Hackers Stole Christmas, CrucialLogics’ Amol Joshi discussed major hacks that happened to expert professionals with Richard Rogerson, Managing Partner at Packetlabs. Here are three examples and how to avoid them:

  1. The Case of the Missing Mobile Device Management (MDM)

Using personal mobile devices for work outside firewall-protected offices has become the new norm. When employees unintentionally download a malicious payload, attackers can look for open sessions on the device and use them to reach the company's IT infrastructure.

In the webinar, Joshi and Rogerson discussed companies that thought an enabled multi-factor authentication (MFA) policy would protect them from hackers. However, these companies had not turned off their legacy authentication protocols, which cannot complete an MFA challenge. This meant there was no second check in place, rendering their MFA virtually useless. They had mistakenly believed that with their mobile device management (MDM) in place, everything would be automatically secured.

MDMs usually only perform managerial tasks, like deploying software patches and antivirus updates. They don’t create a digital divide that keeps a user’s personal and corporate profiles separate. By taking control of the user’s personal profile, the hackers gained access to the corporate side. To avoid this, appropriate firewalls and correct protocols must be in place to keep your company safe from attacks.

  2. The Ongoing Saga of Falling for Phishing

Joshi and Rogerson discussed an ingenious style of phishing, where hackers began by accessing a partner organization, not the prize they were actually after. The hackers would access the email accounts of unsuspecting staff at the partner organization and send malicious links or code to the target company. Since the messages to the target appeared to come from a trusted partner, they were opened, and the phishing began.

Once inside the target company, the hackers could monitor email flows and either widen their attack to other unsuspecting companies or register spoof domains that looked similar to the target organization or its customers. They could then try to trick people into doing things they otherwise wouldn’t do, like making bank transfers, sending confidential files and more.

To prevent this type of phishing, tighten up your company’s advanced threat protection (ATP) solutions. Know where your users log in from, and block everything else to shrink your attack surface. Also, take action against impersonator domains by using the anti-spoofing protections built into ATP solutions, and use multi-factor authentication (MFA) with legacy authentication protocols disabled.
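Two of the controls above (MFA is only as good as the legacy protocols left enabled, and "know where your users log in from, block everything else") can be checked against sign-in telemetry. The following is an added example, not code from the webinar or from CrucialLogics: it triages a constructed batch of Azure AD-style sign-in records and flags successful or attempted logins that used a legacy client (which never completed an MFA challenge) or came from a country outside an assumed allow-list.

```python
"""Triage sign-in records for MFA-bypassing legacy auth and unexpected locations.

The log lines, the legacy client list and the allowed countries below are
constructed for illustration; real tenants would feed their own sign-in export.
"""
import json
from typing import Dict, List

# Client application names that use legacy (non-modern) authentication.
# Constructed list; legacy protocols cannot answer an MFA prompt.
LEGACY_CLIENTS = {"IMAP4", "POP3", "SMTP", "Authenticated SMTP", "Exchange ActiveSync"}

# Assumed: the countries this company's staff normally sign in from.
ALLOWED_COUNTRIES = {"CA", "US"}

# Constructed sample sign-in export (one JSON object per line).
SIGNIN_LOG = """\
{"user":"alice@example.com","clientApp":"Browser","country":"CA","mfa":true,"status":"success"}
{"user":"bob@example.com","clientApp":"IMAP4","country":"CA","mfa":false,"status":"success"}
{"user":"carol@example.com","clientApp":"Browser","country":"NG","mfa":true,"status":"success"}
{"user":"dave@example.com","clientApp":"Mobile Apps and Desktop clients","country":"US","mfa":true,"status":"success"}
{"user":"erin@example.com","clientApp":"SMTP","country":"RU","mfa":false,"status":"failure"}
"""


def parse_signins(text: str) -> List[Dict]:
    """Parse newline-delimited JSON sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def assess(record: Dict, allowed=ALLOWED_COUNTRIES, legacy=LEGACY_CLIENTS) -> List[str]:
    """Return the reasons a single sign-in should be blocked or investigated."""
    reasons = []
    if record["clientApp"] in legacy:
        reasons.append("legacy-auth bypasses MFA")
    if record["country"] not in allowed:
        reasons.append("login from unexpected country " + record["country"])
    return reasons


def triage(records: List[Dict]) -> List[Dict]:
    """Collect every sign-in with at least one reason, keeping its outcome.

    A successful legacy-auth sign-in means MFA never applied; a failed one
    from an unexpected country is the shape of a password-spray attempt.
    """
    findings = []
    for r in records:
        reasons = assess(r)
        if reasons:
            findings.append({"user": r["user"], "status": r["status"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_signins(SIGNIN_LOG)):
        print(f["user"], f["status"], "; ".join(f["reasons"]))
```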

  3. The Exposé on Enabling Remote Desktop Protocol (RDP)

Joshi and Rogerson examined a manufacturing business with a computer numerical control (CNC) machine that wasn’t working. A remote technician had previously accessed the machine over the internet through an enabled remote desktop protocol (RDP) port, which exposed the entire company’s IT infrastructure to a cyberattack.

Once the attackers had established a foothold, they capitalized on the compromised Active Directory (AD) and pivoted from the machine they had landed on to the entire production line, shutting it down for weeks. Even worse, that single exposed internet connection enabled the attackers to deploy ransomware throughout the company’s IT infrastructure.

This story reiterates that your security is only as strong as your weakest link. In today’s cloud-based world, we often forget basic security principles, like network segmentation. You should never expose your RDP to the internet. Always use two-factor authentication and run cyber fire drills to prepare. 

Joshi and Rogerson covered three additional cybercrimes we can all learn from, including:

  • Acquisition vulnerability: How a rush to integrate networks during an acquisition over the holidays gave an attacker a foothold in the parent company, and why security must be a part of every business decision.
  • A Nigerian payment breach: How Hushpuppi, one of the most successful fraudsters ever, committed cybercrime on two continents, and how Office 365 can be hardened to introduce enterprise-grade security to protect your business.
  • The SolarWinds hack: How supply chain attacks are becoming more common, why it is so important to check vendor compliance and security practices, and when to invest in attack surface reduction products.

It’s important to remember that these hacks happened to active and knowledgeable professionals. For a deeper dive into their mistakes and how to avoid them, watch the on-demand webinar: How the Hackers Stole Christmas. To greatly reduce your chances of being one of the next holiday hack stories, reach out to our team