telanova Blog

telanova: the outsourced IT team that feels like your own

Providing advice, consultancy, helpdesk, monitoring and maintenance, updates, upgrades, security: all the things your in-house team would do, but better and at a fraction of the cost and hassle.

Compromised email accounts

Over 1 million email accounts get compromised each month. In the past, if your email account was compromised it was probably just used for sending spam; as a victim, you would just reset your password and forget about it. Nowadays hackers are more sophisticated and are looking for a bigger payoff. Below are several costly actions a hacker might carry out if they gained access to your or a colleague’s email account.

Change of bank account notification for salary payments

The hacker will email the person in your organization responsible for payroll with a change of bank account notification. Since the email is from your actual email account, not a forgery, they will not be able to tell it was sent by the hacker.

Change of bank account notification to your customers

The hacker will email your customers with a change of bank account notification. Since the email is from your actual email account, not a forgery, your customers will not be able to tell it was sent by the hacker.

Intercept supplier invoice

The hacker will intercept a legitimate invoice from one of your suppliers and change the bank details to a bank account they control.

Other social engineering

The hacker will email your colleagues in an attempt to get a further foothold within your organisation, either with documents infected with malware or with phishing to compromise more email accounts.

How can you protect yourself and your organization?

Multi Factor Authentication (MFA)

The best protection is to enforce MFA on all email accounts in your organization. Both Microsoft 365 and Google Workspace have policies you can enable to force everyone to set it up.

Education

Most successful attacks involve human failure at some level. Make sure your staff are aware of the risks and understand how these attacks work, what the warning signs are, and who to report them to. The UK’s National Cyber Security Centre has some free training that is quite good.

Processes

Ensure your organization’s, suppliers’, and customers’ processes all include verifying any bank detail change via two independent methods.

Cyber Insurance

Recovering from a cyber incident could be ruinous to many organizations. Consider taking out cyber insurance to make sure you can get back on your feet.

Engage telanova as your IT team and we will advise you on appropriate security strategies for your organization and implement them.

Bring Your Own Device safely

It has become more common for businesses to allow their users to access their email, calendars or other services such as Microsoft Teams, through a personal mobile phone, tablet or other device, usually referred to as “Bring Your Own Device” (BYOD). It has become increasingly popular because people don’t want to carry a work and a personal device, but do want the convenience of being able to stay in touch on-the-go. The increase in remote working as we have navigated the restrictions imposed by COVID-19 has added to the popularity, and companies have appreciated not having the extra expense of providing these devices to their users.


Zero-day exploits and what you can do about them

There’s always a gap between the discovery of a software flaw and a patch being released to fix it. A “Zero-day exploit” is when the bad guys exploit the flaw before the patch is available, usually before the hardware or software maker even knows the flaw exists. Antivirus, firewalls, web filtering, etc. don’t protect you from them. A recent example was the Exchange Zero-day exploit in March 2021. Thousands of organisations were scrambling around when they discovered their Exchange servers had been breached.

With organised crime and nation-state backed hackers on the attack, organizations need to switch to a mindset that they will eventually be breached in some way. Organizations need to take steps to limit the damage from a breach. It's a bit like sprinklers, fire extinguishers and fire doors in a building: none of them prevents a fire in the first place, but they limit the damage.

Every organization is different, requiring slightly different strategies, but some that will apply to all are:

  1. Software to detect and disable intrusions hopping laterally from one device or system to others (Lateral Movement Detection)
  2. Remove admin rights on devices
  3. Remove admin rights on cloud/web services
  4. Limit access within line of business applications
  5. Structure files/folders and limit access

Engage telanova as your IT team and we will advise you on appropriate security strategies for your organization and implement them.

When things don’t go to plan...

A customer called us who’d just had their office remodelled and realised there had been a miscommunication with their electrician. The customer had asked their electrician to install some network cables along with the rest of the electrical work. His quote specified he was installing the network cables in the wall, but didn’t include the actual network sockets. Unfortunately the customer didn’t spot the omission.

The customer needed to move into the remodelled office within a couple of days. No cabling company would commit to coming out for such a small job quickly. Cabling isn’t our business, but for our customers we go the extra mile. We dusted off our cabling tools and got the job done.

You won’t get this flexibility (and resourcefulness) from other IT support companies.

I can’t believe it’s not a real invoice!

A true story: An employee of a customer of ours recently received a very legitimate-looking invoice from one of their suppliers, and at first glance even the email address looked correct. However, the bank details were different, the bank was located in Mexico, and on checking the email address closely the domain (the bit after the @ sign) was different.

The customer was concerned that they had been hacked. We investigated the email chain by checking server logs, security reports and the email headers, which are normally hidden from view, and were able to confirm to the customer that it was the supplier who had been compromised. That had enabled the scammer to set up a domain very similar to the real one and use the names of the employees in the emails with the fake bank details.

We analysed the supplier’s email system and discovered it lacked even the most basic security mechanisms to prevent spoofing.

Clearly the attackers had access to the supplier’s customer database, as well as a genuine invoice. Although they were using a fake domain that was only one character different from the real one, the invoice and the fake email footer had the correct details.
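A check for the "one character different" sender domain described above can be automated on the receiving side. The following is an added example, not telanova's tooling: the supplier domains, the sample message and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allowlist of genuine supplier domains (constructed values).
KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.example", "northwind-parts.example"}

# Constructed sample: the sender domain swaps two letters of the real one.
SAMPLE = (
    "From: Accounts <accounts@acme-suppiles.example>\n"
    "To: payables@customer.example\n"
    "Subject: Invoice 1042 - updated bank details\n"
    "\n"
    "Please use the new account below.\n"
)

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("li" typed as "il") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(raw_message, known=KNOWN_SUPPLIER_DOMAINS, max_distance=1):
    """Return (verdict, matched_domain) for the From: domain of a raw email."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ("no-sender", None)
    if domain in known:
        return ("known", domain)
    # Near-miss of a genuine supplier: hold for manual verification.
    for real in sorted(known):
        if edit_distance(domain, real) <= max_distance:
            return ("lookalike", real)
    return ("unknown", None)

if __name__ == "__main__":
    print(classify_sender(SAMPLE))
```

A "lookalike" verdict on a message that mentions bank details is a reason to verify by a second, independent channel before paying.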

Fortunately the employee had been astute enough to spot the different bank details, so they didn’t proceed with payment, and then asked telanova to investigate. This is why we recommend to all our customers that they make sure their staff are trained up on cybersecurity, and are constantly vigilant.

Scammers will often try to target times of the day or the week when people may be under pressure to get things done, hoping that they will be less vigilant, so Friday afternoon, month end or year end are sometimes chosen to launch these attacks. The emails may get marked as “Urgent!” or “Final Demand!” to try to increase the pressure on the recipient to act without proper scrutiny.

What else can you do to protect your organization?

Microsoft’s Advanced Threat Protection service (ATP) has a feature where you can put your suppliers’ email addresses in and it will monitor for attackers trying to impersonate them.

Contact us to put these protections in place for you.
