Dealing with a Spoof mail attacks and Phishing mail attacks | A little story with a sad end | Part 1#9

In the current article, I would like to review the chain of events that occurs every time, again and again, in a scenario in which an attacker manages to execute a Phishing mail attack successfully. The reaction of the involved persons is known in advance, and the sad end of the story is also known in advance.
The primary goal of the current little story is, to serve as a wake-up call, so you do not have to be a character in the Theater show of – Phishing mail attack!

The challenges that we are facing regarding the subject of – Spoof & Phishing mail attacks are as follows:

1. The lack of knowledge about the methodology and the concept of Spoof & Phishing mail attacks (Know your enemy). For example, that Phishing mail attack is very sophisticated attacks that included many different parts such as – social engineering, AT (Advanced Threats), Spoof mail attack and so on.
2. Passing the “responsibility ball” of – mail security. IT thinks that it is the reasonability of the Mail team, Mail team thinks is the responsibility of the Security team. In the Office 365 environment, the common assumption is that the “cloud” will handle for us the mail security.
3. The common misconception that mail security is a one-time process in which we turn on or off the “mail security switch.”
4. The lack of understanding that mail attack can be just a “disturbing phenomenon” but at the same time can be realized as a deadly attack which can cause considerable damage to our organization.

Why are we so arrogant?

The common denominator of the average IT person is a strong belief, that he is some kind of Albert Einstein, that knows everything there is to know about IT and mail security.

If we have the courage to admit, most of us not really know what exact answers to questions such as:

• What are the differences between spam mail, Phishing mail attack and spoofing mail attack?
• What is the meaning of AT (Advanced Threats)?
• What is the different flavor of Phishing mail attack and how this attack realized?
• Are there security technologies and standards that can detect, handle and monitor events of Spoofing or Phishing attacks?
• If yes, how to activate and use these “security technologies and standards”?

The bitter truth appears when and where we least expect it!

Your organization experiences a successful Phishing mail attack, in which the attacker manages to tremendous damage to our organization.

You feel like a bull rammed you!

The next emotion in our emotional rollercoaster is “panic.”

We don’t know what is the volume of damage; we don’t know if our network was infected with malicious code to continue to harm our organization or, just sit and wait for the right opportunity.

The real reason for the “panic” is the very reasonable suspicion that his ass is on fire!

The next emotion in our emotional rollercoaster is “anger.”

The source for the “anger,” is frustration.

The source of the frustration is because:

• We didn’t manage to identify and block the attack.
• The fact that we face a simple truth, that says that we are not so smart as we thought.

The anger outcome is – shouting and screaming at everyone below us or any other person that who we can shout.

One of the most popular “objects” for channeling our frustration is – the companies that provide us some kind of service because most of the time they will not answer back.

This is the last phase of our bad trip, which I describe as “the silent grief phase.”

This is the phase in which we manage to understand and accept that there is nothing that we can do besides of accepting the reality, and understand that the attacker was smart enough to revel in our weak spot.

The conclusion

The drama which described is not so unusual or unique to a particular origination.

It happened all the time to many organizations.

The only difference between the events is the name and the faces of the people that are involved.

The sad story about a Phishing mail attack and the sad end

Let me tell you a story that happened long long time ago in a distant land.

Scene number 1

In our little story, your name is Jeff, and you are the CEO of a company that belongs to the financial sector named – “Don’t do anything and hope that everything will work out by itself.”

It’s 9:30 in the morning; the sun is shining.

You’re sitting in your office, drinking a cup of hot coffee (no sugar because you need to maintain your weight).

You log on to Facebook and start to watch some boring video of a dog or a cat, doing something.

Your phone is ringing.

On the line is Suzan, the personal assistant of Brad, the company CEO.
Suzan is asking you to urgently come to Brad’s office.

Your gut feeling is telling you that something is wrong!

You enter Brad’s room.

Brad asks you to close the door behind you.

The facial expression of Brad is grave and serious.

Brad says:

“Jeff, let’s make it simple and straightforward.
Yesterday, I got an E-mail message from David (David is the company CFO) that asked me to deposit 500, 000$ in a specific bank account.
The purpose of the deposit was an initial payment for a big acquisition deal, which is about to take place soon.”

This morning, after a brief conversation with David, I understand that I was a victim of an ugly fraud!

1. I want my money back!
2. I want you to locate the persons that carried out this ugly fraud + report the information to the police!

3. I demand to know – how can it be that the security infrastructure that costs us so much money, didn’t recognize and blocked this attack, and I demand to know who to blame and who is the person that is responsible for this disaster!

Scene number 2

You can hear your heart pounding.

You Instantly call Billy (the company IT manager), and ask him firmly, to reach your office immediately.

Billy enters your office.

You ask Billy to close the door behind him.

You inform Billy about the “mess,” waving your finger in his face.

You tell Billy that you need instant answers and that someone will have to pay the price!

Scene number 3

Billy rushes into his office, finds Bob (the Help desk manager), and informs him about the “issue.”

Billy asks Bob to immediately call the IT company, which planned and built our mail infrastructure, and inform them that they will have to provide an accurate answer to the following questions:

1. How did the hostile element manage to hack our system despite the advanced security infrastructure that was supposed to protect our mail infrastructure?
2. How to identify with certainty the hostile element, and locate the hostile element which carried out the attack?
3. How are they going to compensate us for the Indignities and the financial losses?

Scene number 4

Bob calls the technical support of the IT company that built our mail infrastructure.

Bob informs them about the incident that happened and presents a list of questions.

The “other side”, explains that this problem is not related to “their side” in any way. He says that the responsibility for protecting the organization mail infrastructure from such an attack is the responsibility of the organization that owns the mail infrastructure meaning, our responsibility.

After an exchange of harsh words, Bob disconnects the call and informs Billy that the provider refuses to help us and also, blames us for the “mess.”

Scene number 5

Billy (the company IT manager) picks up the phone and calls the technical support of the provider who built the mail infrastructure.

Billy asks politely but firmly to talk to Stephen, the manager!

Stephen explains that this problem is not related to “their side” in any way and that responsibility for protecting the organization mail infrastructure from such attack, is the responsibility of the organization which owns and manages the mail infrastructure.

After an exchange of harsh words, Billy disconnects the call.

Scene number 6

Billy calls you (just a quick reminder; you are Jeff the company CIO) and reports on the conversation with Stephen.

The bottom line – Stephen that represents the IT company that built our mail infrastructure declares that – they are not willing to take any kind of responsibility for this mess!

You ordered Billy to immediately summon a conference call, that includes yourself, Billy (the company IT manager) and Stephen.

You start the phone conversation with some statement about the fact that you have decades of experience in the field (usually, the magic number is 15 years).

You continue to the “threats phase”, and clarify unambiguously that if he (the provider) will not take responsibility, provide immediate answers and solve the mess, you will fire him, sue him, and also, publish negative information about his company on Facebook.

Stephen says that he is very sorry, that he understands my pain, but nothing he can do to help us in this scenario.

Scene number 7

Clumping you enter the director’s office.

You start to stutter and mumble about security risks, cyber-attacks, the difficulty in dealing with the risks and threats of the modern work environment.

Brad (your CEO) informs you that you will have drawn the required conclusions.

Scene number 8

Two years passed since you have been fired following the unfortunate incident.

You could not find another job (because of age and other reasons).

Your financial situation is not okay, and you get a call from the bank on a daily basis.

After many reflections and obsessive thoughts, you decide that….

Scene number 9

The wind blows in your face.

You’re standing on a high bridge looking into the abyss which pours down!

Good-bye, crawl word!

The next article in the current article series

Dealing with a Spoof mail attack and Phishing mail attacks | a little story with a sad end | Part 1#9