Use of Multifactor Authentication

Robinson+Cole Data Privacy + Security Insider

This has been quite the year of O365 intrusions. The story seems to be almost identical in each security incident we investigate this year, and it goes like this:

Employee receives a pop-up message from Microsoft advising employee that s/he must change his or her password for security purposes. Employee types his or her user name and password into the pop-up message and provides “Microsoft” with the new information.

In fact, the pop-up is a phishing lure: the intruder has just used the credentials the employee typed in to compromise the employee's email box. Once the intruder is in the email box, he creates inbox rules that forward every email the employee receives to a gmail account, and then watches the email traffic.

Once the intruder finds an opportunity, which frequently involves an outstanding invoice to a vendor, the intruder spoofs the vendor, cuts and pastes the vendor's signature block, and demands payment for the outstanding amount due. The employee believes the message is from the known vendor and corresponds with the imposter as if he were the vendor. During the back-and-forth email correspondence, the imposter tells the employee that the vendor is changing its payment method to ACH and provides wiring instructions. The employee sends the money according to those instructions and believes the outstanding debt has been paid.

Days or weeks later, the employee receives a call or email from the real vendor requesting payment. When the employee tells the vendor that payment has already been made, the vendor says that it has not been paid and the employee forwards the correspondence where payment was made. It is usually then that it is discovered that the money has been sent to a fraudulent bank account. When the employee tries to get the money back from the bank, the account has been liquidated. Unfortunately, the vendor still needs to be paid, so the company now has to pay the vendor too.

When we retain a forensic firm to review and mitigate the incident, the first things done are to implement multifactor authentication and to force password resets across the organization. In most instances, the initial intrusion could have been prevented if multifactor authentication had been implemented from the start.
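The external forwarding rules described above are one of the first things an investigator looks for after an O365 compromise. The following PowerShell script, added here as an example and not part of the original post, enumerates every mailbox in an Exchange Online tenant and reports mailbox-level forwarding and inbox rules whose targets fall outside the tenant's accepted domains. It assumes the ExchangeOnlineManagement module is installed and the account running it holds Exchange administrator rights.

```powershell
# Added example (not from the original post): find mailbox forwarding and inbox
# rules that send copies of mail outside the organization, the persistence
# technique the post describes. Assumes the ExchangeOnlineManagement module and
# an account with Exchange admin rights.
Connect-ExchangeOnline

# Every accepted domain of the tenant counts as internal; anything else is external.
$internalDomains = (Get-AcceptedDomain).DomainName | ForEach-Object { $_.ToString().ToLower() }

function Test-ExternalRecipient {
    param([string]$Recipient)
    # Rule recipients look like '"Name" [SMTP:user@example.com]' or a bare address;
    # extract the SMTP address and compare its domain against the internal list.
    if ($Recipient -match '(?i)SMTP:([^\]\s>]+)') { $addr = $Matches[1] }
    elseif ($Recipient -match '([^\s<>\[\]]+@[^\s<>\[\]]+)') { $addr = $Matches[1] }
    else { return $false }   # display-name-only entries resolve to internal recipients
    $domain = $addr.Split('@')[-1].ToLower()
    return -not ($internalDomains -contains $domain)
}

$findings = @()
foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # 1. Mailbox-level forwarding (set by an admin, or by an attacker with admin rights).
    if ($mbx.ForwardingSmtpAddress) {
        $target = $mbx.ForwardingSmtpAddress -replace '^(?i)smtp:', ''
        if (Test-ExternalRecipient $target) {
            $findings += [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Type = 'MailboxForwarding'
                                            Rule = '-'; Target = $target; Enabled = $true }
        }
    }
    # 2. Inbox rules that forward, forward as attachment, or redirect to an external address.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) | Where-Object { $_ }
        foreach ($t in $targets) {
            if (Test-ExternalRecipient ([string]$t)) {
                $findings += [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Type = 'InboxRule'
                                                Rule = $rule.Name; Target = [string]$t; Enabled = $rule.Enabled }
            }
        }
    }
}

# Disabled rules are reported too: an attacker may park a rule and re-enable it later.
$findings | Sort-Object Mailbox | Format-Table -AutoSize
```

Enumerating rules for every mailbox makes one call per mailbox, so on a large tenant run it as a scheduled job rather than interactively, and treat any hit on a consumer webmail domain as an incident until the mailbox owner confirms otherwise.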

Multifactor authentication continues to be an important part of an organization’s risk management program, including when using O365.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
