19/11/2019

Stories from the Trenches

Every now and again I like to commit to e-paper some of the things that come across our support desk so that, as a community, we get to understand what is out there.

It is only by sharing and trying to be straightforward that we have a chance of staying ahead of the tsunami of hacking that most of our networks are facing.

A Real-Life Hacking Scenario

A few weeks ago, we had a client call us regarding a suspected hack – a member of staff was hit by a convincing phishing scam and had managed to get through the pop-ups and warnings to reach the hacker's desired page.

This staff member came forward and said that they thought they had dropped the ball and put their password into a website, and they were worried.

Slight spoiler alert – the client had Multi-Factor Authentication (MFA) enabled, so no actual data was lost, but that wasn't the interesting feature of this hack or the evolution that we were seeing.

As we investigated, we realised that once someone entered their details into the site, it checked through the Office API whether the username belonged to a real account. If the account was valid it let them proceed; if they tested it with a dummy account, it came back and told them that the account had not been found – something that may lead the less IT-literate into thinking that the site was genuine.

Hackers Are Getting Smarter

Something else was happening too. Once you had typed your details in, it would, from that point on, redirect you straight to the proper https://portal.office.com to hide the fact that it was a phishing site.
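Both behaviours described above (a credential POST to an unfamiliar host that bounces the victim to the genuine portal, and the same host later redirecting a returning visitor without showing a form) leave a trace in an outbound web proxy log even though the account check itself happens server-side. The following is an added example, not code from the original post or from the client's environment: a small detector over constructed proxy log lines. The log format, hostnames and IP addresses are invented for the example; the trusted-host list is an assumption and would need to match what your tenant actually uses.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy log lines (not from a real environment): timestamp, client IP,
# method, URL, HTTP status, and the Location header on redirects ("-" when absent).
# The phishing hostname is invented for this example.
SAMPLE_LOG = """\
2019-11-12T09:14:02Z 10.0.0.23 GET https://office365-login-verify.example/ 200 -
2019-11-12T09:14:40Z 10.0.0.23 POST https://office365-login-verify.example/check 200 -
2019-11-12T09:14:51Z 10.0.0.23 POST https://office365-login-verify.example/login 302 https://portal.office.com/
2019-11-12T09:14:52Z 10.0.0.23 GET https://portal.office.com/ 200 -
2019-11-12T09:31:10Z 10.0.0.23 GET https://office365-login-verify.example/ 302 https://portal.office.com/
2019-11-12T10:02:00Z 10.0.0.41 POST https://login.microsoftonline.com/common/oauth2/authorize 302 https://portal.office.com/
2019-11-12T10:05:13Z 10.0.0.41 POST https://intranet.example/forms/submit 302 https://intranet.example/forms/thanks
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3}) (\S+)$")

# Hosts that legitimately receive Microsoft 365 credentials and then redirect to the
# portal. Assumption for this example; adjust to your tenant's real sign-in hosts.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}
TARGET_HOST = "portal.office.com"
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status, location = m.groups()
    return {
        "ts": ts,
        "client": client,
        "method": method,
        "host": urlparse(url).hostname,
        "status": int(status),
        "redirect_host": urlparse(location).hostname if location != "-" else None,
    }


def find_suspicious(log_text):
    """Return (rule, client, host, timestamp) tuples for redirect-to-portal patterns.

    Rule 1, harvest_then_redirect: a POST to a host that is neither a trusted login
    host nor the portal itself answers with a redirect to the portal.
    Rule 2, returning_visitor_redirect: a client that earlier posted to such a host
    is later sent straight to the portal on a plain GET, with no form shown.
    """
    findings = []
    posted_hosts = defaultdict(set)  # client IP -> hosts flagged under rule 1
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["host"] in TRUSTED_LOGIN_HOSTS or rec["host"] == TARGET_HOST:
            continue
        to_portal = rec["status"] in REDIRECT_STATUSES and rec["redirect_host"] == TARGET_HOST
        if not to_portal:
            continue
        if rec["method"] == "POST":
            findings.append(("harvest_then_redirect", rec["client"], rec["host"], rec["ts"]))
            posted_hosts[rec["client"]].add(rec["host"])
        elif rec["method"] == "GET" and rec["host"] in posted_hosts[rec["client"]]:
            findings.append(("returning_visitor_redirect", rec["client"], rec["host"], rec["ts"]))
    return findings


if __name__ == "__main__":
    for rule, client, host, ts in find_suspicious(SAMPLE_LOG):
        print(f"{ts} {client} {host} -> {rule}")
```

Run against the constructed sample, the detector flags only the invented phishing host for client 10.0.0.23, once for the credential POST and once for the later redirect-only visit. The POST to login.microsoftonline.com is skipped because it is a trusted login host, and the intranet form is ignored because its redirect does not land on the portal. The `/check` request that performs the username lookup is deliberately not flagged: the proxy sees only a 200, so that part of the kit is invisible here and is one more reason the detection keys on the redirect rather than on the lookup.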

Ultimately, the most important thing for sites like this is that they stay up long enough to harvest a decent number of accounts, and tactics like this can confuse people and potentially allow the site to be left up for a significantly longer period of time.

Also, I find it interesting to see the gradual increase in evasive measures these attacks are taking, and while you can easily see where things are heading, none of us relish the thought of the additional ingenuity these hackers are demonstrating to collect user credentials in order to get at your data, files and email.

Preventing Hacks with Multi Factor Authentication

It also rams home the message on MFA. For the longest time now, it has been clear that MFA is probably the single most important security measure you can implement in your company. At a recent Microsoft event, Microsoft reiterated that the previous idea of the company front door (or business premises) being the perimeter that needs securing is now more or less dead, or at least on life support. Now, the real boundary needing protection is the user identity. Given that, and given that almost 100% of successful hacks were on user identities without MFA, not enabling MFA is basically the cyber equivalent of getting the biggest, juiciest steak you can find, strapping it to your neck and dancing round the Serengeti!

The numbers don't lie. If you have not implemented MFA yet, it is more a matter of 'when' you will be hacked than 'if', which is a scary prospect.