After being phished and paying out over $140,000 in fraudulent invoices, a large U.S.-based retailer turned to Versiant Corporation to implement security measures that would strengthen its overall security posture and protect the organization from further attacks.
Phishing exploit costs organization $140,000
The accounting department of this rapidly growing organization was defrauded by a well-orchestrated phishing scheme. Through an earlier breach at either the Organization or its supplier, a threat actor (TA) uncovered information that allowed it to create two legitimate-looking invoices, each for approximately $70,000. These invoices mirrored the supplier’s real invoices, using the same format, the supplier’s logo, the name of a real contact at the supplier and products the Organization regularly purchases from the supplier. The invoices were also sent to the appropriate employees within the Organization.
Unaware they were being phished, the accounts payable team paid the fraudulent invoices. After recognizing its error, the Organization consulted with Versiant Corporation, an experienced IT services provider, to devise and implement a security program that would prevent any future attacks and safeguard its environment.
Tailored four-point security plan strengthened by IT expertise
Versiant implemented its Security-as-a-Service (CSaaS) solution, a four-point security stack that includes border security, email security, endpoint management, and user education. Although elements of this multi-tiered solution can be readily deployed to protect corporate environments, Versiant utilized its security expertise to customize the solution to meet the Organization’s unique needs.
“One of the most essential, upfront elements of devising a security plan is understanding the business, its IT environment and its processes,” explained Chris Fogarty, chief technology officer at Versiant Corporation. “Versiant has the experience to understand these factors and implement a comprehensive solution that can flex and pivot with the evolving threat landscape.”
A key element of the CSaaS solution is border security. While the Organization had been using a consumer-grade firewall, this product was limited in its ability to monitor communication entry and exit points, identify threats and protect the IT perimeter. Versiant installed a next-generation firewall, which moves beyond the generic, static rules of a traditional firewall, using advanced rules and artificial intelligence (AI) to analyze behaviors and carefully inspect traffic to better identify rogue attacks.
The next-generation firewall continually builds on its existing intelligence, correlating technologies and security parameters such as user behaviors to verify data before it admits it. This intelligence is a critical piece of the CSaaS solution as ingress and egress points into the corporate environment become more diverse. This complicates security protocols and introduces additional risk. The next-generation firewall is better equipped to manage this influx of devices and the increasingly complex threat planes.
The Organization also lacked an email filtering product. To rectify this, Versiant assessed the Organization’s business to understand its risk for email fraud and implemented Barracuda Sentinel, a message filtering product that applies the requisite level of security while maintaining the necessary flow of information.
To secure this communication platform, this security layer assigns points to various risks within an email, such as a mismatched domain name or a formatting discrepancy. When an email’s cumulative score reaches the designated risk threshold, it is flagged as high risk and blocked. This product also employs a combination of AI and behavioral analytics to enhance its filtering technology and capabilities.
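The point-based scoring described above can be sketched as follows. This is an added example, not Barracuda Sentinel's algorithm or code from Versiant; the supplier directory, signal names, weights and threshold are assumptions, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed supplier directory: display name -> domain it really mails from.
SUPPLIERS = {"acme supply": "acme-supply.example"}
# Assumed weights and threshold, chosen for illustration only.
WEIGHTS = {"name_domain_mismatch": 40, "lookalike_domain": 30,
           "reply_to_mismatch": 20, "payment_request": 10}
THRESHOLD = 60

def _domain(value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def _distance(a, b):
    """Levenshtein edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_message(raw):
    """Return (total points, signals that fired, verdict) for one raw message."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    sender, reply_to = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    hits = []
    expected = SUPPLIERS.get(name)
    if expected and sender != expected:       # name claims a supplier, domain does not
        hits.append("name_domain_mismatch")
    if any(0 < _distance(sender, d) <= 2 for d in SUPPLIERS.values()):
        hits.append("lookalike_domain")       # one or two characters off a real domain
    if reply_to and reply_to != sender:       # replies diverted to another domain
        hits.append("reply_to_mismatch")
    if any(w in msg.get("Subject", "").lower() for w in ("invoice", "payment")):
        hits.append("payment_request")
    total = sum(WEIGHTS[h] for h in hits)
    return total, hits, "block" if total >= THRESHOLD else "deliver"

# Constructed sample messages.
SPOOFED = ("From: Acme Supply <billing@acme-supp1y.example>\n"
           "Reply-To: ap-desk@mailbox.example\n"
           "Subject: Invoice 1042 due\n\nPlease remit today.\n")
GENUINE = ("From: Acme Supply <billing@acme-supply.example>\n"
           "Subject: Invoice 1041\n\nAttached as usual.\n")

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE):
        print(score_message(sample))
```

No single signal blocks a message here; the genuine invoice still scores for its payment wording but stays well under the threshold.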
To manage endpoint security at the Organization, Versiant also implemented Bitdefender, an antivirus tool that detects malware, rootkits, viruses, and other threats before they can be installed on unsuspecting devices. This tool was deployed to protect end-user computers as well as tablets used in the field.
As part of its endpoint security solution, Versiant also devised a mobile device management (MDM) plan to ensure the compliance of devices and control the deployment and security of applications. Using a series of protocols, Versiant ensures that noncompliant devices cannot connect to the corporate network. MDM also enables the Organization to remotely wipe corporate data from a device and unenroll it to ensure it cannot access corporate data in the future. By controlling access to corporate applications, MDM also ensures end users only have access to approved corporate applications.
To heighten user awareness of phishing attacks and other malicious exploits, Versiant also implemented ongoing security education for the Organization’s staff. This training is delivered via a series of short, easy-to-digest videos that communicate a security risk, what it looks like, and the appropriate reaction. These videos are distributed monthly to employees and conclude with a short test to ensure comprehension of the issue.
“If you’ve been breached once, you become an attractive target for future attacks,” explained Fogarty. “It’s important to maintain a level of vigilance. Research shows that six months after an attack, people become more relaxed and complacent. Ongoing training ensures people remain aware of the red flags.”
To further verify employees’ attention to various risks, Versiant also orchestrated a fake phishing campaign to help employees identify classic phishing ploys such as email and name spoofing. This awareness could have mitigated the original attack on the Organization. By simply mousing over the sender’s name, accounts payable would have noticed that the email address did not align with the supplier.
In addition to promoting alertness over the long term, ongoing education ensures new hires also have the necessary knowledge to spot and react to a threat.
Updated security protocols and ongoing education thwart additional attacks
Since embracing CSaaS, all attempted attacks—including some similar to the original exploit—have been neutralized. This ongoing protection relies heavily on continued education as well as the expertise, knowledge and skill of Versiant’s seasoned IT team, which continues to manage the solution to ensure it keeps pace with the ever-changing threat landscape and evolves with the Organization’s needs.
“Just having the technology in place is not enough,” said Fogarty. “You need to have eyes on these technologies and processes in order for them to be effective in the long term. Attacks change and perpetrators become savvier and use more complex technologies to execute attacks. Businesses need to be able to keep pace. Versiant remains on the forefront of emerging threat landscapes and the technologies and protocols needed to avert them.”
Working with Versiant, the Organization remains alert to ongoing threats and is advised of new risks as they occur. This continues to be a key piece of the security puzzle, because when it comes to security, a TA only needs one weak link to breach an organization. Versiant’s CSaaS solution ensures all the links in the Organization remain aware and strong.