Navigating the Cyber Breach: A Security Tale

Last week I had the pleasure of speaking with someone who had been hacked.

If you have been in this industry for some time, you’ve likely built a lens that often goes to the obvious reasons why.

1. Did not have 2FA turned on.
2. Was not using a secure method for secondary authentication, such as text, etc.
3. They simply just had poor overall security.
4. The person clicked on a link or downloaded something that generated a compromise.

Upon further investigation, none of those things were true. To be fair, they had been set up correctly, and at face value, this type of attack appeared very sophisticated, especially given that they are a small organization.

Additionally, they were working with a large MSP with a focus on cybersecurity.

How?

While the facts may be a little hard to come by, further discussion suggests that they had connected to some possibly sketchy Wi-Fi over the last 30 days.

They had witnessed some ‘weirdness’ that they disregarded. Could this have been the source? It appears this person was a victim of session theft.

It would appear they were a victim of session theft. This can occur in a few different ways:

1. Connecting to insecure Wi-Fi. When you do this, you allow a potential hacker to read everything you send and receive, and yes, steal your login credentials.
2. An insecure download, clicking on a link, and running something that seemingly does no harm - at least at face value to the user.

Once the user was compromised, it did what they do, they compromised the email account of the victim and started sending weaponized emails to all of their contacts. Let's try to find answers to improve YOUR security.

Answers

First of all, put SecurityFIRST. Ensure that your IT partner is giving you critical advice on how to protect yourself and the people you interact with.

1. Implement zero trust in your business.
2. Do not connect to Wi-Fi outside of the business; use a mobile hotspot from your phone or carry a mobile data device.
3. Utilize a VPN when connecting to company resources. Ensure this is protected with two-factor authentication as well.

We can all do better. Whether you are currently using an IT company, standards need to be improved so that you are not the next victim."

I hope this helps! If you need further assistance, feel free to ask. ??

Securely yours,

Scott