fbpx
Facebook GitHub Instagram Linkedin Mail TikTok Twitter
Friday, July 26, 2024
CybersecurityPersonal View
Updated:

Security: How a Company’s Network is Breached

Destiny Young
By Destiny Young
40
1

Must Read

Destiny Young
Destiny Younghttp://linktr.ee/youngdestinya
Destiny Young is a highly credentialed information technology professional with over 14 years of industry experience. An HND/BSc (Hons) in Computer Science graduate. He holds a Master of Technology degree in Information Technology from the prestigious University of South Africa (UNISA). He is a Distinction-grade MBA alumnus of Nexford University, Washington, DC, where he also obtained a First-class MSc degree in Digital Transformation. His professional development direction is in Cybersecurity, Digital Transformation, and Business Intelligence. He is a member of the British Computer Society (BCS), the Chartered Institute of Administration of Nigeria (CIA), the Nigeria Computer Society (NCS), etc.

By: DESTINY YOUNG, Technopreneur, IT Infrastructure/Cybersecurity and Privacy Engineer

A particular corporate organisation contacted me to do a risk assessment of their IT systems and make appropriate recommendations to forestall the incessant breaches experienced.

Before I was contacted, the company had experienced a variety of security breaches to the extent that the MD/CEO corporate email was compromised, and the attacker used the MD email account to send an email to a client demanding for an anticipated payment to be made to private account creating the suspicion that the MD could have asked them to make the transfer to individual account instead of the company’s account.

When the client suspected an unofficial request, the client decided to confirm the request by directly calling the MD. To their MD’s great surprise, his official email was used to make the request. This was when the MD became aware that his confidentiality had been breached, calling into memory when a suspicious transaction order occurred some years back after an attacker used his email to order the company’s Financial Manager to transfer a certain sum of money from the Company’s account to the account of an unknown person which was later discovered to fraudulent accounts of a hacker who had access to the MDs’ email upon which he sent the order to the Finance Manager and in which case the Finance Manager acted upon on the assumption that it is the MD’s directive.

SECURITY ASSESSMENT:

To conduct the security assessment, I made it clear that I would not be able to effectively carry out my assessment because certain security controls were not in place prior to the security incident, but that I would want to implement security controls and observe anomalies with the company’s IT systems and Network, to have a clue where the threats come from. Approval was granted.

IMPLEMENTATION OF SECURITY CONTROLS:

The following were the Security Controls I put in place:

  • I installed an Endpoint Cloud-based security software in the company’s server and on all connected endpoint devices.
  • The company uses MTN Internet services with a dedicated IP, I installed a Firewall to monitor incoming and outgoing traffic within the network.
  • I installed a software-based web content filtering software to monitor and regulate access to certain website resources.

Please note, that web filtering software is a type of security software that blocks access to certain websites or content based on predetermined criteria. It can be used to protect children from inappropriate content, block malware and phishing sites, and enforce company security policies. There are various types of web filtering software available, including cloud-based, network-based, and endpoint solutions.

How the Web Content Filtering works – When an Internet Service Provider gives a client a dedicated IP address, that IP address serves as the Internet gateway for the client, and all Internet request passes through that IP address. To filter internet access from that IP address, the IP is then entered into a web filtering software and access to other website addresses or IPs can then be controlled and regulated. Any IP address of the website in the Web Content Filtering Whitelist is allowed, any other ones placed in the Blacklisted is disallowed (Blocked).

IMPLEMENTATION OF THE COMPANY’S IT POLICY

  • I implemented a company’s IT policy that forbids an employee from accessing YouTube, Porn Sites, Music Sites, Crack software download sites, etc.
  • I also implemented a system password change policy that forces the user to change his or her system password every 3 months.
  • I restricted using a browser to log into Facebook. That is, Employees accessing Facebook.com from a web browser.

RISK DISCOVERY:

After a couple of weeks, I started to get a report from the Web Content Filtering Software showing employees thousands of requests to access a porn site. Thankfully, the Web Content Filtering software blocked all those requests.

The above discovery gave me a clue as to the Attack Surface used to be the attacker to access the Company’s Corporate Network.

TYPICALLY:

Malicious attackers are quite aware that people love to watch p0rn movies, especially at idle work moments via their mobile device or office computer. They deploy their malware on such websites.

When you visit a p0rn website on your browser using your mobile device or office computer, your device is 100% likely to be infected by a trojan.

Trojan is a malicious software developed by an attacker to use to gain access to another system with the owner’s consent. They come in various forms. One of the forms is a keylogger.

When a website containing a trojan is visited, a Keylogger is downloaded and stealthily installed on a user’s device. The assignment of a keylogger is to log your keystrokes from either a computer keyboard or mobile device keypad.

In the case above, once an attacker successfully gains access to an employee’s email account login credentials, he can use it to transmit the keylogger to other users within the network via sent emails until the attacker lays hands the expected email address, for instance, the MD/CEO email.

If the attacker has access to the IT manager’s account, he can make a lateral movement within the network until he has full admin control of the entire company’s network. At this point, the company is at his mercy.

RISK MANAGEMENT:

  • The implementation of the firewall system enables the inbound and outbound network traffic to be monitored. Any observed anomaly will explicitly be blocked.
  • The password change policy ensures that users constantly change their passwords should they have been compromised during the previous breaches.
  • The Endpoint security software protects all endpoint devices (mobile phones, laptops, desktop computers, servers) from malware.
  • Web Filtering ensures no employee accesses the company’s restricted websites.

In conclusion, data breaches can damage business reputation and cause financial losses to companies that pay lip service to cybersecurity.

Destiny Young
Destiny Young
Destiny Young is a highly credentialed information technology professional with over 14 years of industry experience. An HND/BSc (Hons) in Computer Science graduate. He holds a Master of Technology degree in Information Technology from the prestigious University of South Africa (UNISA). He is a Distinction-grade MBA alumnus of Nexford University, Washington, DC, where he also obtained a First-class MSc degree in Digital Transformation. His professional development direction is in Cybersecurity, Digital Transformation, and Business Intelligence. He is a member of the British Computer Society (BCS), the Chartered Institute of Administration of Nigeria (CIA), the Nigeria Computer Society (NCS), etc.
Previous article
How highly secured Microsoft email environment was breached by a Chinese hackers Group
Next article
Preparing for Interview: The Star Method
- Advertisement -spot_img

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

ITDestiny Young -

National Digital Economy and E-Governance Act 2024: THE DIGITAL TRANSFORMATION ERA

For effective execution of the provisions under this Act, there shall be established in every public institution an ICT Unit with such number of staff as may be required for efficient performance, effective service delivery, and digital transformation of functions in the respective public institution.
- Advertisement -

More Articles Like This

- Advertisement -

LATEST POSTS

National Digital Economy and E-Governance Act 2024: THE DIGITAL TRANSFORMATION ERA

Destiny Young - 0
For effective execution of the provisions under this Act, there shall be established in every public institution an ICT Unit with such number of staff as may be required for efficient performance, effective service delivery, and digital transformation of functions in the respective public institution.

National Digital Economy and E-Governance Act 2024

Destiny Young - 0
The bill aims to create a legal framework for the digital economy in Nigeria and improve the way the government delivers services to citizens

CrowdStrike: Revolutionizing Cybersecurity

Destiny Young - 0
CrowdStrike is a leading cybersecurity company dedicated to protecting organizations from cyber threats

Data Lifecycle Management: EXPLAINED

Destiny Young - 0
Data lifecycle management (DLM) is a policy-based approach to managing the flow of an information system's data throughout its lifecycle: from creation and initial storage to when it becomes obsolete and is deleted.

LATEST TECH TIP

Facebook

How Hackers Use Fake Facebook Copyright Infringement Flags to hack your account

Destiny Young - 0
If you receive a message saying your Facebook account has been blocked for copyright violation, don’t panic. It’s most likely just another phishing scam.

CATEGORIES

© Copyright 2024 | Young, Destiny A | All Rights Reserved