SAAS-based Software Solution provider

Customer is a low-cost, SAAS-based Software Solution provider that is easy to use and powerful in its features and adapts to your needs.

Case Details

Clients: SAAS-based Software Solution

Start Day: 15/09/2023

Tags: IT Company

Project Duration: 2.5 years

Project Scope:

Our customer discovered a Business Email Compromise (BEC) attack that attempted to trick one of its clients into paying invoices totalling nearly USD 60,000 into an alternative bank account. The attack was detected before the client made any payment: an alert employee of the client company insisted on verbally verifying the financial details provided, which raised the alarm.

However, our customer wanted to understand the extent of the compromise, learn how to protect itself from similar threats, and have a full forensic investigation conducted.

Solution Approach

AiCyberWatch's initial assessment was an analysis of the Office 365 email logs, which showed that six weeks before the BEC attack, one of the Office accounts had received a phishing email.
The email, purporting to be from Microsoft, claimed that the user's account may have been accessed from a different location and that the user needed to log in and review activity for security reasons.
Since the phishing attempt was successful, AiCyberWatch proceeded to review the account's audit logs, and it soon became apparent that the attacker had successfully accessed the account from an unidentified IP address.
Immediately, the attacker implemented mailbox rules to check all incoming emails for keywords, move matching emails to the user's RSS subscriptions folder in Outlook, and mark them as unread.
These rules would help an attacker quickly identify emails of interest and prevent the compromised user from viewing and replying to them.

Technical Analysis continued with Innovation

One email thread that caught the attention of the attacker involved the billing of two high-value invoices issued by a SaaS vendor to one of its clients.
Analysis of the email logs revealed that the attacker used the information gathered while surveying the mailbox to create a chain of fake email communications, impersonating the compromised user and requesting payment of the outstanding invoices to an alternate bank account.
Further attempts by the attacker to conceal the fraud were revealed by later analysis, which showed that all incoming emails from the firm's client to the compromised Office account were immediately deleted.
Further log analysis revealed that an email rule was set in the compromised account to automatically forward all incoming/outgoing emails to an external Gmail address.
In the week after the attack was discovered, the email forwarder delivered more than 280 emails to a fraudulent account, resulting in the continued disclosure of highly confidential client data and payment information to the attacker.
Tracing the attack sources showed that the login attempts originated from IPs in Nigeria, China, and later the United Arab Emirates, from where a few successful logins were eventually made.
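
The three rule types found in this investigation (keyword matches moved to the RSS folder, automatic deletion of a sender's mail, forwarding to an external address) can be triaged from inbox-rule audit records. The following is an added example, not AiCyberWatch's tooling: the record layout is an assumption modelled on Exchange audit entries, and the `example-saas.test` tenant domain, addresses, IP and sample records are constructed for illustration.

```python
# Added example: triage inbox-rule audit records for the rule types in this case.
# Assumed record shape: Operation, UserId, ClientIP, Parameters [{Name, Value}].
INTERNAL_DOMAINS = {"example-saas.test"}  # hypothetical tenant domain
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")
KEYWORD_PARAMS = ("SubjectContainsWords", "BodyContainsWords",
                  "SubjectOrBodyContainsWords")

def external_targets(value):
    """Return addresses in a ';'-separated list whose domain is not internal."""
    addrs = [a.strip().lower().split(":")[-1] for a in value.split(";") if "@" in a]
    return [a for a in addrs if a.rsplit("@", 1)[1] not in INTERNAL_DOMAINS]

def assess_rule(record):
    """Return findings for one audit record; an empty list means nothing flagged."""
    if record.get("Operation") not in RULE_OPS:
        return []
    params = {p["Name"]: str(p["Value"]) for p in record.get("Parameters", [])}
    findings = []
    for name in FORWARD_PARAMS:
        findings += [f"forward-external:{a}" for a in external_targets(params.get(name, ""))]
    if "rss" in params.get("MoveToFolder", "").lower():
        keyed = any(params.get(k) for k in KEYWORD_PARAMS)
        findings.append("hide-in-rss:keyword" if keyed else "hide-in-rss")
    if params.get("DeleteMessage", "").lower() == "true":
        findings.append("auto-delete")
    return findings

def triage(records):
    """Return (user, client IP, findings) for every record that was flagged."""
    hits = [(r.get("UserId"), r.get("ClientIP"), assess_rule(r)) for r in records]
    return [h for h in hits if h[2]]

def _rec(op, **params):  # helper to build constructed sample records
    return {"Operation": op, "UserId": "billing@example-saas.test",
            "ClientIP": "203.0.113.10",
            "Parameters": [{"Name": k, "Value": v} for k, v in params.items()]}

SAMPLE = [  # constructed records, not data from the investigation
    _rec("New-InboxRule", SubjectOrBodyContainsWords="invoice;payment",
         MoveToFolder="RSS Subscriptions"),
    _rec("New-InboxRule", From="ap@client.example", DeleteMessage="True"),
    _rec("Set-InboxRule", ForwardTo="smtp:placeholder@external.example"),
    _rec("New-InboxRule", From="news@example-saas.test", MoveToFolder="Newsletters"),
    _rec("MailItemsAccessed"),
]

if __name__ == "__main__":
    for user, ip, findings in triage(SAMPLE):
        print(user, ip, findings)
```

A flagged rule is a lead for review, not a verdict: the client IP on the record should be compared against the account's sign-in history before the rule is removed.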

Outcomes and Deliverables

After the BEC attack was discovered, the compromised email account was blocked from signing in.
Multi-factor authentication was enforced for all O365 users to prevent malicious login attempts.
The attack was safely contained only after the AiCyberWatch team identified and disabled the email forwarding, and was able to trace and stop further disclosure of confidential data that was being leaked by forwarding emails to the Gmail ID.
The attack surface was traced and the customer was safeguarded against any future email phishing attacks.
