You may have read recently that federal officials are more worried than ever about the security of government contractors’ computer networks.  That’s because government data and network security is at risk if contractors’ networks are breached.


But why would your organization’s data be at risk if a vendor or customer was breached?  What data can they steal, beyond what’s present on the breached network?   And what can you do to reduce your company’s risk level in these situations – especially if the compromised vendor or customer doesn’t even know their network is under attack?

Let’s take these questions one at a time.

Are You at Risk When a Vendor/Customer Is Breached?

Building a “perimeter” around your network – a wall between your internal network and the public internet – is one of an IT team’s most important jobs.  Only vendors that absolutely require access to data inside your network to do their job (such as software companies or contractors) should be allowed network access. That access should be limited and controlled, because each time you allow a connection to your network, you’re “pooling risk” with other companies. And while your partners and vendors may be great companies otherwise, there’s no way to know if they make good decisions when it comes to network security.

A strong network perimeter reduces the odds of a cross-network attack, but that still leaves cybercriminals with plenty of attack options.

If hackers are on your vendor’s network, they can see the emails you send to that vendor. They can study those emails to learn how you pay them for their services, and use that information in a well-crafted impersonation email to trick one of your employees into doing something they’ll later regret.

Hackers can also gain access to any information about your company that’s on the compromised vendor’s network. They can use this information to trick one of your employees into providing them with even more specific information to use in future attacks against you.

What Information About Your Company Is At Risk?

Of course, if a vendor or customer is breached, the hackers will likely steal any of your company’s information on the vendor or customer’s network.  This could include financial information, employee information and anything else contained in emails sent between you and the breach target.

A bigger risk, however, is that they’ll also use the information they’ve gathered to trick you into giving them money – or access to your network.  They can build very convincing traps by studying the way that employees of your two companies interact.

Cyberattackers often study emails between the two companies so that they can construct an email that looks identical to ones sent every month. Then they seize an account at the breached company to send an email that looks just like that monthly email. The only difference is that the cybercriminal’s email also includes a link that, if clicked, installs malware or ransomware on the other company’s network.

Cybercriminals also use seized accounts to send instructions to “update” payment account records. They do this very close to when the payment is typically made each month, so there’s little time to discover their ruse. If an employee at your company falls for this, your money would not go to your vendor, but instead directly to an account controlled by the cybercriminal.

How Do I Avoid These Traps?

Here are a few ways to prevent expensive impersonation attacks.

Always talk with a (pre-specified) decision maker at other companies before accepting any changes regarding accounts payable information. And make sure that you are the one who calls them to verify the change, especially if the person’s voice isn’t one you’d recognize easily. Unfortunately, phone numbers shown on caller ID can also be faked.

Avoid clicking on links in emails when possible. It’s much safer to visit a company’s site directly and navigate to the page you’re trying to reach.

When it’s necessary to follow a link, make sure to always hover your mouse cursor over the link to see where it’s going first, and ensure that the domain is familiar.  Just because the domain includes Microsoft or Google’s (or anyone’s) name doesn’t mean that company owns it. Hackers regularly buy domains that include big companies’ names in order to launch more convincing malware attacks.
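
The same "where does this link really go?" check can be run over an email's HTML body before anyone clicks. The Python below is an added example, not part of the original article: it pulls the real destination out of each link and treats a host as trusted only if it is a verified domain or a subdomain of one, so a brand name appearing elsewhere in the host is flagged. The domain lists, function names and sample email are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: domains you have verified as vendor-owned, and brand names to watch for.
TRUSTED_DOMAINS = {"microsoft.com", "vendor.example"}
BRAND_KEYWORDS = {"microsoft", "google"}


class LinkCollector(HTMLParser):
    """Collect the real destination (href) of every <a> tag in an HTML email."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def classify(host):
    """Trusted = a verified domain or its subdomain; a brand name elsewhere = lookalike."""
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if any(brand in host for brand in BRAND_KEYWORDS):
        return "lookalike"
    return "unknown"


def audit_links(html_body):
    """Return (host, verdict) for every link in the email body, in document order."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(h, classify(h)) for h in map(host_of, parser.hrefs)]


# Constructed sample email body (hypothetical domains, not from the article).
SAMPLE_EMAIL = (
    '<p><a href="https://login.microsoft.com/">Sign in</a> '
    '<a href="https://microsoft.com.account-verify.example/login">Sign in</a> '
    '<a href="https://files.partner.example/doc">Shared file</a></p>'
)
```

Calling `audit_links(SAMPLE_EMAIL)` marks the second link as a lookalike even though its host begins with `microsoft.com`, because the comparison is made against the end of the hostname rather than by substring.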

To learn more about WingSwept’s Managed Security offerings, please contact us at 919-779-0954 or email us at Team_WingSwept@WingSwept.com.