Digital4nx Group, Ltd.


When The Hack of a Business Partner is Just as Bad as the Compromise of Your Own Systems.

May 1, 2022 by Rob Kleeger

* All names and identities are fictitious and have been changed.

Digital4nx was recently retained in a post-incident response investigation of a highly targeted spear-phishing email attack. Based upon the available evidence and confirmation with LifeScienceCo (“LSC”), the attack began on or around January 25, 2022. The victims targeted were LSC’s Assistant Controller and the accounting supervisor of their Client.

The attack succeeded in having the Client divert a payment of approximately $730,000 for legitimate invoices to a fraudulent bank account. The attacker appeared to have used a common Business Email Compromise (BEC) technique, possibly executing a carefully planned man-in-the-middle (MITM) attack. The attacker’s use of the lookalike domains technique presents a severe threat, not only to the originally attacked organization but also to the third parties with whom they communicated using the lookalike domain. Typically, the attack scheme works by sending phishing emails to high-profile individuals in the target organization to gain control of an account and then carrying out extensive reconnaissance to understand the nature of the business and the key roles inside the company.

As in this case, the attacker sent one email each from the spoofed domains to the counterparty, thus inserting itself into the conversation and deceiving the recipient into thinking that the source of the email was legitimate.
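A defender-side check for the lookalike-domain technique described above, added here as an example (not code from Digital4nx or from the investigation): it compares each sender domain against an allow-list of known counterparties and flags near-misses. The domains, the `CONFUSABLES` table and the distance threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list of counterparty domains (placeholders, not from the case).
TRUSTED = {"lifescienceco.example", "clientcorp.example"}
# Visual substitutions folded away before comparing (a small, assumed set).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(domain):
    """Normalize a domain so visually similar spellings compare equal."""
    d = domain.lower().replace("-", "")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d


def osa_distance(a, b):
    """Edit distance counting an adjacent-letter swap as a single edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(from_header, max_dist=2):
    """Return (verdict, imitated_domain) for one From: header value."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED:
        return "trusted", domain
    for good in sorted(TRUSTED):
        if osa_distance(skeleton(domain), skeleton(good)) <= max_dist:
            return "lookalike", good
    return "unknown", None


# Constructed From: headers for illustration.
SAMPLES = ["Pat Doe <pat@lifescienceco.example>", "Pat Doe <pat@lifesciencec0.example>",
           "AP <ap@clientcrop.example>", "News <news@unrelated.example>"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify(header), header)
```

A "lookalike" verdict on a thread that discusses payment or bank details is the case to hold for out-of-band verification; very short trusted domains need a lower `max_dist` to avoid false positives.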

In essence, the attacker poked each victim in the chest a little…knowing the attempted scam was being executed.

The emails that we examined point to the fact that the attacker behind the domains was in possession of information regarding possible financial transactions between our Client and their Client. The examination of LSC’s servers and involved computers did not reveal any compromises, malware, or intrusions. Additionally, there was nothing to suggest that data was exfiltrated from LSC’s network.

The attacker began communicating with their Client several days before engaging with LSC. That timing, together with the fact that LSC did not share any banking information, leads us to conclude that it is more likely than not that LSC’s Client’s network systems were compromised, which caused LSC’s Client to wire money to the intruders’ account.

In this case, not only did LSC incur the cost of having Digital4nx conduct an independent investigation and provide an opinion to support LSC in its claims against its Client, but that Client, which still has not paid our Client the $700K, was negligent and is out $1.4M.

### END ###

Disclaimer: The information contained in this case study is educational only. This is not intended to fully cover everything related to the investigation or constitute expert advice, legal advice or otherwise. You should always seek the advice and counsel of an attorney while proceeding with these matters. Results may vary as each case is unique and the types of artifacts may not exist depending on many variables. Contact us for a confidential initial consultation.

© Copyright 2022, Digital4nx Group, Ltd. All Rights Reserved.

Filed Under: Case Studies, Educational Tagged With: BEC, BUSINESS EMAIL COMPROMISE, Incident Response, MiTM, wire transfer fraud
