Cyber Criminals Hijacking email conversations to divert payments

Since March 2017, Informant Networks has observed a combined cyber and physical social engineering attack at 3 different companies in the Udyambag Industrial Area in Belgaum. The criminal group's modus operandi is to hijack email conversations between two businesses and intervene at the point where a financial transaction is about to take place.

The attack starts by compromising the email account of one of two business entities that are known to do business with each other. At this stage the attacker only observes the email exchanges between the representatives of the two companies. Once the conversation has come to a finish, or when matters of payment are being discussed, the attacker starts impersonating the receiving party in the financial transaction and provides a new account number for the funds to be transferred to.

We have your email.

The attackers take advantage of the previously established trust between the two companies and request that payment be made to a new account rather than to the previous account, which is the account of the legitimate business.

Once the funds are transferred to the attackers' account, the money is withdrawn almost immediately and the trail goes cold. This combination of a cyber and physical attack is lethal since it takes advantage of a previously established trust.

In these situations it is advisable to reach out to a previously known contact over a previously used phone number and cross-check any correspondence from a new individual claiming to be from the same company.
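The cross-check above can be enforced as a gate before any payment is released. The following is an added example, not code from Informant Networks: it compares the account number in a payment email against a vendor master record and holds the payment for a call-back to the phone number on file. The vendor record, domain, phone number and messages are constructed, and `review_payment_email` is a hypothetical name. Because the attacker writes from the compromised mailbox, the header checks pass in the hijacked case; the account comparison is what fires.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed vendor master: bank account and phone number already on file.
VENDOR_MASTER = {
    "supplier.example": {"account": "001234567890", "phone": "+91-00000-00000"},
}
ACCOUNT_RE = re.compile(
    r"\b(?:a/c|account)\s*(?:no\.?|number)?\s*[:\-]?\s*(\d{9,18})\b", re.I)

def _domain(header_value):
    # Lower-cased domain part of an address header ("" if absent).
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _text(msg):
    # Concatenate the text/plain parts of a single-part or multipart message.
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain")

def review_payment_email(raw):
    """Return findings and whether payment must wait for a phone call-back."""
    msg = message_from_string(raw)
    sender = _domain(msg["From"])
    vendor = VENDOR_MASTER.get(sender)
    findings = []
    if vendor is None:
        findings.append("sender domain not in vendor master")
    if msg["Reply-To"] and _domain(msg["Reply-To"]) != sender:
        findings.append("Reply-To domain differs from From domain")
    for acct in ACCOUNT_RE.findall(_text(msg)):
        if vendor is None or acct != vendor["account"]:
            findings.append("account %s is not the account on file" % acct)
    return {"hold": bool(findings), "findings": findings,
            "call_back": vendor["phone"] if vendor else None}

# Constructed messages: same thread, same (compromised) sender mailbox.
LEGIT = ("From: Accounts <accounts@supplier.example>\n"
         "Subject: Re: Invoice 1042\n\n"
         "Please pay to A/c no. 001234567890 as usual.\n")
HIJACKED = ("From: Accounts <accounts@supplier.example>\n"
            "Subject: Re: Invoice 1042\n\n"
            "Our bank has changed. Use account number: 509988776655.\n")

if __name__ == "__main__":
    print(review_payment_email(LEGIT))
    print(review_payment_email(HIJACKED))
```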

Managed Operational Security – So you can be in peace

In the current market scenario, it is of utmost importance to maintain a sustained image for your brand. In view of this, organizations need to maintain an unceasing online presence to attract potential customers. Since September 2016, we have responded to incidents at 3 separate web development and web hosting provider companies in Belgaum and Bangalore due to their infrastructure being compromised. The compromise of these servers resulted in the defacement of some websites hosted on those servers, which led to redirection of website visitors to other sites with adult content, pharmaceutical products, etc.


Ransomware – The growing threat in North Karnataka

Informant Networks has recently observed and responded to Ransomware attacks affecting the manufacturing sector based out of the Udyambag Industrial region. While the most affected companies are those which possess Intellectual Property (CAD drawings, designs of products, blueprints, business process related documents, etc.), others have lost data due to inadequate protection and ineffective defensive mechanisms. Most of these attacks are orchestrated via infected pen drives, attachments sent via e-mail, and an infected version of the popular remote desktop tool ‘Ammyy Admin’.

We take this as an opportunity to educate the general populace about Ransomware.
