
Security: How a Company’s Network is Breached


Destiny Young (http://linktr.ee/youngdestinya)
Destiny Young is a highly credentialed information technology professional with over 13 years of industry experience. An HND/BSc (Hons) Computer Science graduate. He holds a Master of Technology degree in Information Technology from the prestigious University of South Africa (UNISA). He is a Distinction-grade MBA alumnus of Nexford University, Washington, DC, where he also obtained a First-class MSc degree in Digital Transformation. He is currently pursuing MSc in Cybersecurity. His professional development direction is in Cybersecurity, Digital Transformation, and Business Intelligence. He is a member of the British Computer Society (BCS), the Chartered Institute of Administration of Nigeria (CIA), the Nigeria Computer Society (NCS), etc.

By: DESTINY YOUNG, Technopreneur, IT Infrastructure/Cybersecurity and Privacy Engineer

A particular corporate organisation contacted me to do a risk assessment of their IT systems and make appropriate recommendations to forestall the incessant breaches they had been experiencing.

Before I was contacted, the company had experienced a variety of security breaches. In one case the MD/CEO's corporate email was compromised, and the attacker used the MD's email account to send a client an email demanding that an anticipated payment be made to a private account, creating the impression that the MD himself had asked for the transfer to go to an individual account instead of the company's account.

When the client suspected an unofficial request, they decided to confirm it by calling the MD directly. To the MD's great surprise, his official email had been used to make the request. This was when the MD became aware that his confidentiality had been breached, and it brought to mind a suspicious transaction order some years earlier: an attacker who had access to the MD's email had used it to order the company's Finance Manager to transfer a certain sum of money from the company's account to the account of an unknown person, which was later discovered to be a fraudulent account belonging to the hacker. The Finance Manager had acted on the order on the assumption that it was the MD's directive.

SECURITY ASSESSMENT:

To conduct the security assessment, I made it clear that I would not be able to carry it out effectively, because certain security controls had not been in place prior to the security incident. Instead, I proposed to implement security controls and observe anomalies in the company's IT systems and network, so as to get a clue where the threats were coming from. Approval was granted.

IMPLEMENTATION OF SECURITY CONTROLS:

The following were the Security Controls I put in place:

  • I installed cloud-based endpoint security software on the company's server and on all connected endpoint devices.
  • The company uses MTN Internet services with a dedicated IP; I installed a firewall to monitor incoming and outgoing traffic on the network.
  • I installed software-based web content filtering to monitor and regulate access to certain website resources.

Please note that web filtering software is a type of security software that blocks access to certain websites or content based on predetermined criteria. It can be used to protect children from inappropriate content, block malware and phishing sites, and enforce company security policies. There are various types of web filtering software available, including cloud-based, network-based, and endpoint solutions.

How the Web Content Filtering works – When an Internet Service Provider gives a client a dedicated IP address, that address serves as the Internet gateway for the client, and all Internet requests pass through it. To filter Internet access from that IP address, the IP is entered into the web filtering software, and access to other website addresses or IPs can then be controlled and regulated. Any website IP address on the Web Content Filtering whitelist is allowed; any placed on the blacklist is disallowed (blocked).

IMPLEMENTATION OF THE COMPANY’S IT POLICY

  • I implemented a company IT policy that forbids employees from accessing YouTube, porn sites, music sites, cracked-software download sites, etc.
  • I also implemented a system password change policy that forces each user to change his or her system password every 3 months.
  • I restricted logging into Facebook from a browser, that is, employees accessing Facebook.com from a web browser.

RISK DISCOVERY:

After a couple of weeks, I started to get reports from the web content filtering software showing thousands of requests by employees to access a porn site. Thankfully, the web content filtering software blocked all those requests.

The above discovery gave me a clue as to the attack surface used by the attacker to access the company's corporate network.
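The kind of report described above, that is, turning a web filter's block log into a per-user picture of who keeps hitting risky categories, can be reproduced with a short script. The example below is added here and is not the author's tooling or any vendor's log format; the log line layout and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log in a hypothetical "timestamp ip user category action url"
# layout; real web filters use their own formats, so adapt LINE_RE to yours.
SAMPLE_LOG = """\
2024-03-04T09:12:01 10.0.0.21 jdoe adult BLOCK http://adult-site.test/video
2024-03-04T09:12:03 10.0.0.21 jdoe adult BLOCK http://adult-site.test/clip
2024-03-04T09:13:10 10.0.0.34 asmith business ALLOW https://intranet.corp.test/
2024-03-04T09:15:44 10.0.0.21 jdoe cracks BLOCK http://warez.test/keygen.exe
2024-03-04T09:16:02 10.0.0.40 mlee social BLOCK https://facebook.com/
2024-03-04T09:20:00 10.0.0.21 jdoe adult BLOCK http://adult-site.test/index
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (ALLOW|BLOCK) (\S+)$")

# Categories the article's policy treats as malware-delivery risk, not just productivity.
RISKY_CATEGORIES = {"adult", "cracks"}


def parse(text):
    """Parse log text into event dicts, silently skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, user, category, action, url = m.groups()
            events.append({"ts": ts, "ip": ip, "user": user,
                           "category": category, "action": action, "url": url})
    return events


def blocked_by_user_category(events):
    """Count BLOCK events per (user, category) pair: the raw report view."""
    counts = Counter()
    for e in events:
        if e["action"] == "BLOCK":
            counts[(e["user"], e["category"])] += 1
    return counts


def flag_users(events, threshold=2, risky=RISKY_CATEGORIES):
    """Return users whose blocked hits on risky categories reach the threshold.
    Repeated blocked attempts are the signal the article used to locate the
    attack surface; the threshold is an assumption to tune per environment."""
    counts = blocked_by_user_category(events)
    per_user = Counter()
    for (user, category), n in counts.items():
        if category in risky:
            per_user[user] += n
    return sorted(u for u, n in per_user.items() if n >= threshold)
```

Feeding real filter exports through `parse` and `flag_users` gives the short list of endpoints to examine first with the endpoint security tool.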

TYPICALLY:

Malicious attackers are quite aware that people love to watch p0rn movies, especially in idle moments at work, via their mobile device or office computer. They deploy their malware on such websites.

When you visit a p0rn website in your browser, whether on your mobile device or office computer, your device is 100% likely to be infected by a trojan.

A trojan is malicious software developed by an attacker to gain access to another system without the owner's consent. Trojans come in various forms; one of them is a keylogger.

When a website containing a trojan is visited, a keylogger is downloaded and stealthily installed on the user's device. The job of a keylogger is to log your keystrokes, whether from a computer keyboard or a mobile device keypad.

In the case above, once an attacker successfully obtains an employee's email account login credentials, he can use that account to send the keylogger to other users within the network via email, until the attacker lays hands on the email address he is after, for instance the MD/CEO's email.

If the attacker gains access to the IT manager's account, he can move laterally within the network until he has full admin control of the entire company's network. At this point, the company is at his mercy.

RISK MANAGEMENT:

  • The firewall enables inbound and outbound network traffic to be monitored; any observed anomaly is explicitly blocked.
  • The password change policy ensures that users regularly change their passwords, in case they were compromised during the previous breaches.
  • The endpoint security software protects all endpoint devices (mobile phones, laptops, desktop computers, servers) from malware.
  • Web filtering ensures no employee accesses the websites restricted by the company's policy.

In conclusion, data breaches can damage business reputation and cause financial losses to companies that pay lip service to cybersecurity.
