Evidence of why Supply Chain Risk is being elevated to Board Level. Our customer supplies electricity to thousands of homes and businesses, so is relied on to literally keep the lights on, along with everything else. Despite the customer investing millions in cyber security protection for the email gateway, we saw clear evidence of sophisticated attackers wishing to cause severe disruption to a critical national infrastructure organisation. One of our customer's suppliers, a tools manufacturer, had been breached months before the attack took place, and there was clear evidence that emails were being monitored by the bad actors, who were simply looking for the right time and the right people to target.
The attack came in the form of two PDFs which, unusually, had the payload embedded as a file so as not to arouse the suspicions of the two recipients in Finance. The PDF documents were made to look like legitimate paperwork, yet contained ransomware.
How we protected this customer:
Each PDF loaded with ransomware was treated just like every other PDF that enters the organisation: all are stripped of active content in a process Glasswall calls ‘Sanitise’. For our customer, this removes all active content such as URL links to prevent phishing, and anything else users can click or activate; this is typical for our highly risk-averse customers. This policy-driven process prevented the embedded files hidden within the PDFs from reaching the Finance team, and the ransomware attack was disarmed. The users simply reported the events as ‘suspicious’, which allowed our customer to start Incident Response and view our Threat Intelligence from a safe place.
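A triage check for the kinds of active content named above, as an added example that is not Glasswall's code or its Sanitise process: it only flags PDF name objects in the raw bytes and removes nothing. The name-to-category map and both sample documents are constructed for illustration, and names inside compressed object streams are not seen by this scan.

```python
import re

# PDF name objects that mark active content of the kinds the policy removes.
# This mapping is an assumption made for the example, not a vendor rule set.
ACTIVE_NAMES = {
    "EmbeddedFiles": "embedded file",
    "Filespec": "embedded file",
    "URI": "URL link",
    "JavaScript": "script",
    "JS": "script",
    "OpenAction": "auto-run action",
    "AA": "auto-run action",
    "Launch": "launch action",
}

# A PDF name is '/' followed by non-delimiter characters; '#xx' is a hex escape.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so '/Embedded#46iles' compares equal to 'EmbeddedFiles'."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def find_active_content(pdf_bytes: bytes) -> dict:
    """Return {category: count} for active-content names found in the raw bytes."""
    found = {}
    for match in NAME_RE.finditer(pdf_bytes):
        category = ACTIVE_NAMES.get(decode_name(match.group(1)))
        if category:
            found[category] = found.get(category, 0) + 1
    return found


# Constructed samples: a PDF skeleton with an attachment and a link, and a plain one.
SAMPLE_WITH_ATTACHMENT = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Names << /Embedded#46iles 2 0 R >> >> endobj\n"
    b"3 0 obj << /Type /Filespec /F (invoice.bin) >> endobj\n"
    b"4 0 obj << /S /URI /URI (https://example.invalid/) >> endobj\n"
    b"%%EOF\n"
)
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    print(find_active_content(SAMPLE_WITH_ATTACHMENT))
    print(find_active_content(SAMPLE_CLEAN))
```

A non-empty result means the file carries something a user could click or activate, which is the condition under which a strip-everything policy like the one described would change the document.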