The Phishing Adventures of Huck Phinn, Plenty of Phish in the Sea
Chapter 1 Chances are you know about the dangers of clicking on fake emails so you carefully scroll through your inbox to delete them. You are...
24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management
CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support
If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.
Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.
At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.
3 min read
Cyrus Robinson : Apr 22, 2021 12:00:00 AM
In the previous chapter, we left Huck with no idea he had given a phishing scammer access to his employee network credentials. But beneath the calm surface of the normal work routine, the attacker was taking full advantage of his undetected presence to do the following:
Our “How to Spot a Phish” checklist can help you identify phishing emails and provides advice on what to do with them. |
Eventually, disturbing signs bubbled to the surface. While the exact number of Huck's contacts who fell victim to the phishing campaign is unknown, several of his contacts (including other St. Petersburg Wildlife Foundation employees) were also successfully hooked. The company received notification that users' email credentials had been discovered in a data breach (possibly having been sold in dark web forums). And, some employee user accounts were being actively targeted by repeated failed logon attempts, presumably after obtaining or purchasing credentials harvested in the phishing campaign. The company declared an incident.
Ingalls Incident Response Team helped assess the extent of the breach, contain the incident, communicate to stakeholders and executives effectively and in plain language, and increase security awareness offerings to their employees. In addition to a global password reset and implementing multi-factor authentication (MFA) for all Office 365 accounts, the Ingalls Incident Response Team reviewed all Compliance and Security and Cloud App Security alerts, and assisted the St. Petersburg Wildlife Foundation with additional improvements to their cybersecurity posture. Improvements included recommendations on securing their web servers, securing employee remote access, and developing a Comply-to-Connect policy.
The St. Petersburg Wildlife Foundation* (remember, names have been changed) was happy to have found a cybersecurity partner that helped make it less scary and more practical. To improve the peace of mind they had begun to develop as a result of successfully navigating the incident, the company decided to invest in Ingalls Managed Detection and Response (MDR) services. The tools our team deployed for the investigation continue to protect their environment with active monitoring, actionable alerting, and response-at-the-ready in the event of any future threats they might encounter.
Reach out to Ingalls for help getting some peace of mind with practical solutions tailored to your business needs. As a bespoke firm in a crowded industry of big names, we have a reputation for personalized service, focused on your best interests — and as Mark Twain said, “It's not the size of the dog in the fight, it's the size of the fight in the dog.”
Let us fight for you. Follow us on LinkedIn for industry insights, practical security tips for everyday life, and to get connected with our team.
Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.
About the AuthorCyrus Robinson, CISSP, MCSE, MCITP, CEH, CHFI, Sec+
Mr. Robinson is a skilled Information Security professional with experience working with diversified technologies and environments. Mr. Robinson’s professional IT career began as an electronic forensics engineer as an active duty Airman with primary responsibilities with testing and evaluating digital forensic software, policies, and procedures. In this capacity, he worked alongside federal investigators and various DoD, CIA, FBI, NSA, and NIST employees. Following his active duty role with the USAF, Mr. Robinson went on to work in change management and system administration as a DoD Contractor. Mr. Robinson also has extensive experience in the roles of Information Security Officer and IT Director for a large medical group which contribute to his knowledge with security risk assessments, HIPAA compliance, and drafting and implementing corporate IT security and business continuity policies. Mr. Robinson holds various industry standard certifications and a Masters of Science in Information Security and Assurance.
|
Chapter 1 Chances are you know about the dangers of clicking on fake emails so you carefully scroll through your inbox to delete them. You are...
1 min read
In September 2021, multiple security research teams observed and reported email reply-chain attacks that distributed new SquirrelWaffle Loader and...
Qakbot Conversation Hijacking Phishing Campaigns Targeting Government, Law Enforcement, and Financial Sector Organizations. Beginning July 2022, the...