I was with a bunch of CFOs this week talking about cybersecurity and I told them how easy it is for hackers these days. They can infiltrate a company’s system by compromising an O365 account that doesn’t have multi-factor authentication, and according to a Ponemon study, are in the company’s system for over 200 days. They monitor literally everything that is happening in the company, since all companies rely on email communication, and then strike at the perfect time for a fraudulent wire transfer, change the integrity of banking instructions in Word documents, use social engineering to target certain people in the company, and learn exactly who the partners, customers, vendors and trusted individuals are with whom the company does business.
Just think about how much a hacker could figure out about your daily business if they followed your emails for over 200 days—six to seven months. A lot. They know your contacts, who owes you money, to whom you owe money, who you are doing business with, and how much you are paid. What’s really brilliant is that after they commit the perfect fraud on your company, they now have six to seven months’ worth of information to leverage to launch their next attacks on your customers, vendors and contacts. This is called “island hopping.” They have contact information, they know who knows each other and what business is being conducted, and they know what projects you are working on together. Folks, they have lots of time to figure this out, as this is their day job. We have day jobs that do not involve criminal activity. Their day job is to analyze your email traffic to figure out their next scam, and it is so incredibly easy to do if you think about it.
Carbon Black has released its latest Global Incident Response Threat Report, which confirms that hackers are doing just that—leveraging the information that they obtain from the target company to target connected companies along the supply chain. The Carbon Black researchers found that 70 percent of all attacks involve the intruder moving laterally across the network and trying to take over the system. According to Carbon Black, ”attackers are fighting back. They have no desire to leave the environment. And they don’t just want to rob you and those along your supply chain…[they] want to ‘own’ your entire system.”
According to the report, hackers are using counter-incident response measures to thwart a company’s response to an incident by destroying logs, turning off anti-virus tools, disabling firewalls and using forensic tools to cover their tracks so the IT folks don’t know they are in the system.
One of the methods the hackers are using is “reverse business email compromise,” which involves the hackers taking over the mail server of the victim. These attacks are currently hitting the financial services industry.
According to Carbon Black, “businesses need to be mindful of companies they’re working closely with and ensure that those companies are doing due diligence around cybersecurity as well,” because the hackers are going after the weakest link in the supply chain.
So,think like a hacker. It’s not as hard as you might think it is. If, as a hacker, you wanted to go after the weakest link in your company or supply chain, who would you target? If that is an easy answer, start asking your weak links questions about their cybersecurity measures.