We’ve just wrapped up a security investigation for one of our amazing clients. All of our clients are amazing, but as you read this story, you’ll see why we’re especially proud of this client.
We’ve anonymised it out of respect, although this story reflects really well on our customer.
They work in law, and provide property services to clients locally and around the world. One of their senior people had been corresponding via email with a new client over several days, discussing property law and providing service quotes. After gaining the trust of our client, their correspondent sent a link to what they claimed were documents related to their property.
Client 1: Hacker 0
Thankfully, our client was suspicious of the link. That’s a testament to our effective security training. Upon investigating, we discovered that the link led to a SharePoint site hosting a OneNote page belonging to a law firm based in the UK. The OneNote page contained a link to a PDF, which, when clicked, opened a Microsoft login phishing site. This site was prepopulated with our client’s email address in an attempt to steal their password.
It appears the UK-based law firm had fallen victim to the same phishing attack, and their infrastructure is now being used as part of the attacker’s operation.
We’re genuinely proud of the robust security measures we provide our customers. Kinetics KARE Foundation blocked access to the malicious site, and our web browser protection flagged the active threat immediately. Additionally, our stringent conditional access policies and MFA protections ensured that even if the client had clicked the link, we’re confident their account would have remained secure.
Three different security layers came together.
These were our training and awareness program, our email scanning and our browser behaviour scanning. They were all in place and effective. Interestingly, one layer, our DNS filter, did not detect this risk because the compromised site was too recent and hadn’t been reported at the time. Fortunately, the other security layers caught the risk and protected our client. There was no way they were going to fall victim to this fraud in the same way that the UK law firm had.
This was a sophisticated attack. The hacker had taken the time to prepare their trap. They were plausible and built up trust, and they used a law firm to target our client, so the approach looked like any one of a number of legitimate requests this client receives. They were clever, but fortunately not clever enough.
Our lessons:
- Multiple security layers are a must. If one fails, the others will still be working.
- Be vigilant at all times.
- Hackers are investing time and working to bait victims with very plausible lures.