Incident Response
Offering Value-added Services to a Mining Foundation

The Background
The client is an Australian company specialising in the fabrication of customised products to Australian Standards. The incident was perpetrated with forged emails that purported to be from the client and displayed knowledge of existing email conversations between the client and its counterparties. Each attempt used one or more fake email addresses that appeared legitimate to a casual observer, and each exchange used intermediary third-party mail servers in other countries and a technical attack on the target's DNS service.
The client engaged Pragma to determine the root cause of the incident, to help prevent its recurrence, and to recommend and carry out rectification.
The Process
Pragma proactively provided a value-added service and conducted an internal security assessment of the workstation to help identify security issues that may be present in the client's environment.
Based on the incident analysis, Pragma noted that the fraudster was using phishing and carrying out the attack from the US, Malaysia and/or Australia. We inspected the very limited logs in Office 365 to determine whether the fraudsters could be using accounts to read the client's emails. We also inspected the security protections in place against phishing and inquired about the security management surrounding Office 365.
The Result
During the internal investigation, Pragma detected and removed all malware and installed Sophos Intercept X to prevent further issues. Pragma also found that the internal Huawei Wi-Fi router still had the default administrator password. This was subsequently changed to a strong passphrase.