February 10, 2017, updated 13 Feb 2017 10:45am

Verizon Data Breach Digest: How to protect your business from Fraud, Doxxing & Insider Threats

Learn from the real-life examples of others that have faced these issues.

By James Nunns

Rarely does a dull moment pass when you’re dealing with cyber security, mainly because it feels as though a new threat or data breach is just around the corner.

The messaging regarding cyber security and the threat of cyber-attacks has recently come in for some criticism, and while there certainly appears to be a growing fervour regarding the coverage of cyber security, the potential threat should not be dismissed as scaremongering.

The reality is that cyber-attacks happen constantly and the vast majority are either never reported, not big enough to make the news, or the victim simply doesn’t know that they are a victim.

The very real threat posed by cyber-attacks is highlighted in the latest Data Breach Digest (DBD) report from Verizon. The companion to the company’s annual Data Breach Investigations Report, the DBD contains different prevalent scenarios that occur at any given time.

The report examines real-world scenarios that have happened, from the investigative response point of view.

The DBD says: “Carrying forward from last year, we have come to realise that these data breach scenarios aren’t so much about threat actors, or even about the vulnerabilities they exploited, but are more about the situations in which the victim organisations and their IR stakeholders find themselves.”

CBR takes a look at the different scenarios so that you can learn from the experiences of others.

Down to the Wire

This situation is about fraudulent wire transfers – yes, these still happen, and they are more common than you think.

Typically threat actors use social engineering tactics in order to fool someone into processing a fraudulent wire transfer.

This particular victim, a CIO, was informed that the finance department was missing an international tax form for a wire transfer that had happened three weeks prior. That missing form prompted the finance director to request it from the accountant who had originally submitted the request.

Unfortunately the accountant could not recall the details of the transaction.

The company’s wire transfer process requires its accounting team to first email an invoice that contains various details about the bank account information, invoice amount, type of services and so on. That is then reviewed and, if approved, it is sent on to the wire transfers department that then reviews and processes it.

The RISK Team was deployed and they found that the email domain was different from the corporate email by one character.

What transpired was that a domain, which was very similar to the company’s, had been registered a few days before the wire transfer emails were sent.

Further investigations revealed that numerous external IP addresses had been successfully logging into the accountant’s email using email web access.

What can be learned from this?
  • Require two-factor authentication for access to email from the internet.
  • Prepend a marker (e.g., “subject: [External]…”) to the subject line denoting externally originated emails.
  • Require secondary authorisation for wire transactions over a certain dollar amount.
  • Require Virtual Private Network access for telecommuters accessing the corporate environment.
  • Provide, at least annually, user security training.
The response should follow these points:
  • Maintain sufficient logging of access to email accounts from external sources.
  • Collect volatile data, memory dumps, and forensic disk images prior to system shutdown.
  • Encourage and recognise employees who report potential security issues.
  • Engage bank fraud investigators for assistance, when applicable.
  • Engage law enforcement for assistance, when applicable.
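
As an added illustration (not part of the Verizon report or the original article), the sketch below shows how a mail gateway rule could combine two of the points above: tagging externally originated mail with “[External]” and flagging a sender domain that differs from the corporate domain by one character. The domain examplecorp.com, the function names and the sample headers are constructed placeholders.

```python
from email.utils import parseaddr

CORPORATE_DOMAIN = "examplecorp.com"  # assumption: placeholder corporate domain

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, corporate: str = CORPORATE_DOMAIN) -> str:
    """Return 'internal', 'lookalike' or 'external' for a From header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain == corporate:
        return "internal"
    # One character away from the corporate domain: the pattern in this case.
    if domain and edit_distance(domain, corporate) == 1:
        return "lookalike"
    return "external"  # includes headers with no parseable domain

def tag_subject(subject: str, verdict: str) -> str:
    """Prepend the [External] marker to anything not from the corporate domain."""
    if verdict == "internal" or subject.startswith("[External]"):
        return subject
    return "[External] " + subject

# Constructed sample messages: (From header, Subject)
SAMPLE = [
    ("Accounts <ap@examplecorp.com>", "Invoice 1041"),
    ("Accounts <ap@examp1ecorp.com>", "Invoice 1042 - wire details"),
    ("Vendor <billing@supplier.example>", "Statement"),
]

def triage(messages):
    """Return (verdict, tagged subject) for each message."""
    return [(v, tag_subject(s, v))
            for v, s in ((classify_sender(f), s) for f, s in messages)]

if __name__ == "__main__":
    for verdict, subject in triage(SAMPLE):
        print(f"{verdict:9} {subject}")
```

Messages classified as lookalike are candidates for holding and manual review before they reach a team that approves payments.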
 Do you know how to respond to a Doxxing attack or Insider Threat?
