Security Breach – 2 Oct 2020

Securing highly privileged executive and administrator accounts has to be a high priority for every business

Business email compromise is a nightmare proposition for any company. Trading firm Virtu Financial learned that lesson the hard way in May 2020 when it lost $6.9 million in a nasty incident.

The scam took off when a hacker accessed the email account of one of its executives, reading and analysing that account’s email for at least two weeks. In phase two, the hacker altered the account’s settings and started sending out their own fraudulent emails.

The cybercriminals involved then moved into phase three of the scam. After monkeying with the inbox rules to hide certain messages from the account owner, they sprang the most important phase of their plan: sending a series of emails to the company’s accounting department asking it to issue two wire transfers to banks in China.

The accounting department didn’t see any red flags, and the two transfers, totalling about $10.8 million, were sent in due course in late May 2020. Shortly after the transfers were made, a routine audit clued accounting staffers into possible trouble, but the damage was done, and Virtu Financial was only able to freeze $3.8 million of the money.

This whole nightmare stemmed from a single compromised executive email account.

While the integrity of every credential is important to maintain security, executive and administrator credentials can cause the most damage to a company, as Virtu Financial learned.

It’s essential that every account for every user is under the umbrella of a strong, secure identity and access management solution to prevent these incidents. Account compromise like this is frequently the result of a password compromise.

No matter how it’s obtained, whether through spear phishing or a lucky break from a credential stuffing attack, that compromised executive password can be neutralized when a second credential, such as Microsoft’s 2FA and Duo Security for remote users, is needed to log in to the endangered account.

Plus, secure shared password vaults enable companies and IT teams to keep passwords for essential systems and access points especially protected.

Recent Breaches

Australia – Trading Reference Australia – Digital Real Estate Services

Exploit: Unauthorized Database Access

Risk to Small Business: Severe: The Office of the Australian Information Commissioner is investigating a data breach at the keeper of one of Australia’s largest tenant information databases, Trading Reference Australia. In addition to real estate services, the company also maintains a legendary blacklist of tenants. No word yet on what data was stolen, and the matter is currently in litigation.

Risk to Exploited Individuals: No personal or financial data has been reported as compromised in this breach so far, but it remains under investigation.

Customers Impacted: Unknown

United States – Microsoft – Technology Conglomerate

Exploit: Unsecured Database

Risk to Small Business: Moderate: In a rare security blunder, Microsoft failed to secure a backend server for Bing. The server is estimated to have leaked more than 6.5TB of log files containing 13 billion records originating from the Bing search engine. The server exposed technical details, such as search queries, details about the user’s system (device, OS, browser, etc.), geo-location details (where available), and various tokens, hashes, and coupon codes.

Risk to Exploited Individuals: No individual data is believed to have been impacted in this breach.

Customers Impacted: Unknown

Ensure you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan.

Talk to a TCT team member today and we can show you how.

Robert Brown
