An employee at a computer software company fell victim to a business email compromise (BEC). The threat actor successfully stole approximately one million dollars from the company over the course of two days through messaging app communications and falsified email addresses. The company retained FTI Cybersecurity to investigate the attack and determine whether or not the company’s network had been compromised.
Over the course of the investigation, FTI Cybersecurity analyzed the artifacts from the cyber attack, including app messages, emails, and text messages, as well as logs from the company’s Microsoft environment. Our team also provided several technical remediation solutions to ensure that identified indicators of compromise were excluded from the environment and to monitor for potential compromise in the future.
Upon reviewing the communications and internal logs, and working closely with the company’s IT staff, FTI Cybersecurity determined that the threat actor never gained access to the network. Instead, the threat actor had completed a successful social engineering attack. The company was able to use the recommendations from our team, including ensuring that checks and balances are leveraged going forward, to improve its cybersecurity surrounding money transfers so that similar situations can be prevented.