- +(91) 9225246815
- ajay@shashwatpune.com
- Mon - Fri: 9:00 - 18:30
Sphear Phishing Malware Case Study
Issue
A multi-national manufacturing organization named XYZ*, having a journey of six decades in roofing interior and exterior building products and solutions became a victim of spear-phishing email cyber-attack. The attacker created confusion and waited for the right opportunity to divert funds to his bank account by tricking the organization’s sales employee asking him to update the organization’s trusted vendor bank account details.
XYZ* being a multinational organization, has many worldwide vendors supplying various types of building material to them. Basically, the vendor need to issue the bill post-delivery of goods. However, in spite of being a multinational organization, the organization policy did not mention to whom the vendor should mail the details of the bill. Generally, as per vendor understanding, they usually share the bill and bank account details with the accounts department of the organization.
The organization’s sales employee received an email, requesting them to update one of their vendor’s bank account details. No update of the same was prior confirmed with any organization’s employee regarding the update. The sales employee forwarded the same to the concerned accounts department employee for further action. While going through the email, the accounts employee noticed something unusual in the email, which raised suspicion and hence called for suspicious activity investigation. Due to this raised alarm, neither the actual organization’s vendor account nor the organization’s systems got compromised.
Also, it was identified during investigation that the organization neither had proper information security management policies as defined in ISO27001, nor had any proper guideline for information security risk treatment, before consulting Shashwat Solutions, which is absolutely essential to be defined in the interests of organization’s information security management systems.
Hence after this requested investigation, Shashwat Solutions guided the organization in getting ISO27001 certified, where it provided consultation to the organization in forming and implementing the policies as per ISO 27001 guide lines. The above issue clearly highlights the case of a spear-phishing attack, where the attacker sent spoofed organization’s vendor’s email to organization’s sales employee, which looked like it originates from the organization’s vendor’s legitimate email address. The attacker expected quick action from the organization’s accounts employee to update the bank account details through organization’s sales team based on trust. In this way, spear-phishing email is modified by malicious attacker in such a manner using social engineering to specially target vulnerable victims, making it very easy for them to bypass the toughest security measures
Investigation
Upon the organization’s email suspicion investigation request, Shashwat Solutions undertook this investigation case.
As investigation’s first step, we took the organization’s sales employee laptop into custody, who received this phishing mail and forwarded it to accounts employee. During interrogation, it became evident that the sales employee’s intent was neither malicious, nor his laptop was infected and the email is purely a targeted phishing email to confuse and trick target victim organization’s audience dealing with large financial transactions.
In the second step, we checked the source of email message by shutting down the network and blocking organization’s email communication. In this step, we checked the filters of the cloud based email solutions of the organization, determined the email’s header and footer, authentication results where we found the sender’s IP address. After examining the attacker’s email ‘FROM’ email header, first major red flag was identified that attacker used email impersonation technique by using the exact trusted vendor’s name of the victim organization to display in the ‘FROM’ email header to build recipient’s trust about email’s integrity.
In the third step, a second major red flag was identified, where we noted that only beneficiary name and bank account number was provided, where the salutation and sender’s name was missing. Also, the Email Threat Scanner did not highlight suspicious most common phishing database subject line but provided warning about email server information. While checking the server’s information protocol, logs and packet movement, it was noticed that the mail server IP address did not have much activity. Thus, this technique successfully helped the attacker in circumvented DKIM/DMARC mail security filters set by the organization, which was identified after checking the email solutions server log report.
Additionally, while investigating, it was found that the organization’s email filter in firewall end point protection was not configured properly to filter email and mark it spam, based email address server’s IP address. This was determined after reviving the backup archival data server email address IP logs.
Further, during investigation, it was found that organization’s information systems security policies were unclear. In addition, no proper documentation for assessing sensitive security incidents was present. Besides that, no updated information security awareness employee trainings were conducted on timely basis which could have helped to prevent the phishing mail forwarding incidence.
Thus, during the investigation phase, many red flags were identified and reported, which proved lack of ISMS compliance for managing organization’s sensitive data
Analysis
After understanding the incidence, organization’s business needs and expectations of the organisation’s interested parties, we suggested the organization’s management to demonstrate commitment in ensuring resources needed for information security be made available, integrating ISMS requirements, establish information security policy and promote ISMS continual improvement into the organization’s process. Subsequently, we consulted the organization in forming information security policy, action plans to address risk and opportunities planning and improvement such as taking corrective action.
As a part of corrective action, we recommended the organization’s IT department to change the email solution vendor and guided them in configuring accurate email filters. Also, we guided them in maintaining their archival backup security and set log monitoring function to record the ongoing activity. Additionally, we suggested them to get information security and firewall training from our consultancy for employees having access to external emails.
Moreover, we suggested them to block unwanted open ports, create timely updated information security awareness and report any suspicious email activity instantaneously without forwarding further or before taking any action on it.
The solution provided by us will help the organization to successfully become ISO27001 compliant. It will provide the information security policy framework, which will drive organization to committed action, protect its information systems and create action plan to address risks. This activity will help the organization in performing information security risk assessment and timely resolve information security risks. Further, this activity will help the organization to produce supportive evidences during ISO27001 Audit, Management Review on ISMS and identify the improvements such as taking corrective action in case of security incidence
Client Testimonials
Know what our customers have to say about us.
With great appreciation I thank to Shashwat Solution for their enormous efforts in co-operative sector. They have very good skill in maintain good relations through their work with each and every client. May God flourish them more and wish for their ‘Shashwat Existence’ in banking and Industry.
For a long time we have been working with Shashwat Solutions. We had a great experience while working with Mr. Ajay Nikumb. He is very knowledgeable, and his readiness to help us during discussions about the system audit and Networking security has always benefited us while doing business and providing uninterrupted service to our customers in a secured service network.
We appreciate his commendable knowledge in System audit, IS Network and security.
On behalf of Management & all the employees of Pune People's Co-Op Bank Ltd., Pune, I request you to accept the appreciation for the excellent job performed consistently by you and your staff during past several months. In conducting System Audit, VAPT, and Data Migration Audit etc., though it was an enormous task you managed to perform it smoothly and efficiently! During the all assignments, I personally appreciate the professional approach, practical training on cyber security, time management, personal involvement, guidance about Do & Don'ts. I feel that Mr.Ajay Nikumbh & team had proved to be best friend, philosopher & guide for the bank. Thanks to your leadership and dedication. Due to your staff's teamwork and energy, we are enjoying smoothness in systems & procedures. You and your employees really deserves a big appreciation. I personally would like to thank you and your staff which is little difficult in present situation but I will request you to convey my gratitude and regards to all the employees of Shashwat Solutions.
We have had the pleasure of working with Shashwat Solutions Pune and even more amazing person Mr Ajay Nikumb. He is everything, His thoughtful and understanding nature that sets him above the rest. His ability to listen and understand our needs coupled with his incredible intuition has made all of our transaction seamless. I am working with Walchandnagar Industries Limited. since 2008, Designed / implement the following solutions with M/S Shashwat Solutions 1) Networking 2) MS Exchange 3) Firewalls 4) WAN Security 5) End Point Security 6) Backup solutions
जान है तो जहान है ' या उक्तीप्रमाणे बँकिंग क्षेत्रातील सायबर सुरक्षेचे पालन करून बँकिंग उद्योगासमोर येणाऱ्या नित्य धोक्यांना यशस्वीपणे सामोरे जायचे असेल तर नावाप्रमाणे शाश्वत असे सोलुशन देणाऱ्या श्री अजय निकुंभ सर यांचे आभार शाष्वत सोल्युशन पुणे म्हणजे,सहकारी बॅंका व पतसंस्था यासाठी माहिती सुरक्षेचे चालते बोलते विद्यापीठ आहे.
We have been working with Shaswat Solutions since long time and its pleasure to work with them. Mr. Ajay Nikumb from Shaswat Solutions is amazing and knowledgeable person. He is everything, His attentive and understanding nature that sets him above the rest. His ability to listen and understand our needs coupled with his incredible intuition has given us solution in each and every area of I S Network, Audit and Security.
It is my pleasure to share my thoughts on M/S Shashawat Solution & their partner Mr.Ajay Nikumb ever smiling personality We have had the pleasure of discussing our requirement with Shashwat Solutions Pune Mr.Nikumb carrying and understanding nature that sets him above the rest. His ability to listen and understand our needs coupled with his incredible intuition has made all of our transaction seamless. I wish all the best to Shashwat & Mr.Ajay in particular.& getting many more laurels.
Since 2012 we are working with Shashwat solutions pune. Whenever it comes to excellent services we can completely trust and depend on Mr. Ajay Nikumb and his team.If there is any problem regarding firewall, they will clear it off without disturbing our banks daily work routine Mr. Ajay Nikumb is truly a reliable gentleman . He has a very good listening skill, He first listens an then is ready with a solution over it. I am the Assistant general Manager (Data Centre In Charge) of Jalgaon Janata Sahkari Bank Ltd Jalgaon I am truly satisfied with the services provided by shashwat solutions at present they are providing us with firewall services
We have been working with Shashwat Solutions for almost past 15 years. We have been always impressed with their friendly but professional approach. Mr. Ajay Nikumb has always helped us in satisfying our requirements, with a Smile. We wish them a great success ahead.
Previous
Next
Our Clients
Previous
Next
