A leading South African supplier to the logistics sector discovered that it was the victim of a malicious phishing and scamming attack that compromised its systems and resulted in fraudulent e-mails and invoices being sent out to contacts from the mailbox of a senior employee. The company turned to Braintree, the consulting and integration division of Vox, for assistance.

The matter was only brought to the organisation’s attention when a recipient of one of these fraudulent e-mails questioned its authenticity, highlighting the need for the ability to detect and mitigate such phishing attacks as soon as they occur, in order to protect against reputational damage, data loss, or even financial loss.

And increasingly, legislation being put in place worldwide to protect data privacy — such as the General Data Protection Regulation (GDPR) in the European Union — holds organisations accountable if customer information is lost or misused as a result of poor data management and protection practices.

“Cybercrime has turned into big, organised business, with small and medium enterprises high on the list of targets as these organisations often do not give security the same level of consideration as larger companies, which might have entire teams dedicated to take care of their security. Data in fact shows that 58% of breaches take place at smaller organisations, and the average cost per breach is US$120 000,” says Chris Badenhorst, strategic head for Azure at Braintree.

“Though there has been a longstanding misconception that only big enterprises are at risk from cybercrime, this is changing and more small businesses are getting serious about security.”

These smaller organisations often operate in a hybrid environment, with some of their functions in the cloud, and the rest on premises — where the biggest threat is presently. Turning to a partner like Braintree provided the affected customer with access to some of the leading, certified security consultants in the industry, who are able to combine software with global best practices and local industry expertise. The solution was not simply to sell a product but to provide a full range of software and hardware recommendations to ensure that the customer could significantly improve their security score.

Remote and on-premises assistance

The successful attack happened despite efforts to protect their environment, with a malicious Outlook Rules Exploit that originated from a usual phishing method: Targets receive emails from people who are their contacts or known organisations, that include links. When the link is clicked, they are taken to a fake Office 365 login page aimed at stealing their details, and adding Outlook rules that forward the target’s e-mails — usually those that are financial in nature — to the hackers. E-mails may also be sent to the target’s contacts in order to spread the malware further.

Following an audit of their existing software, it was recommended that they migrate to Microsoft 365 Business Premium, which provides them with advanced identity, security and device management features. While the licences for users were set up remotely, a managed IT services team from Braintree was sent out to the customer to roll out Microsoft Defender for Office 365, which helps protect against threats that come via e-mail attachments and links, as well as ransomware, malware and zero-day threats.

“The managed IT team then carried out deep scans of PCs and laptops — while unplugged from the broader network — at the customer premises to remove the malware in the course of an afternoon. Following this, they began applying upgraded security policies to protect the business’s information on mobile devices, using Microsoft InTune,” says Badenhorst.

The time taken to recover from a cyberattack is largely dependent on the nature of the attack and its severity. This customer was fortunate in that the malware was discovered before it could cause more severe harm. Servers that are held captive by ransomware, where even a company’s backups might still carry the malware, can take much longer to resolve.

Braintree also helped set up Azure Information Protection, which provides the customer with data loss protection features, including the ability to better track, manage and protect their e-mails, documents and other confidential information shared with people from outside the organisation.

“All these improvements means that both Braintree and the customer are immediately alerted if there is either a breach, or if there is an attempt to send sensitive information via e-mail to external parties. What we have put in place will ensure that the business is taking a more proactive approach to mitigating risks and improving their security score,” says Badenhorst.