THE HERO of THE STORY:
- Company CxO
- Electronics manufacturing services company
- Microsoft Outlook account breached
Poor password hygiene leads to compromised Outlook account.
- Executive receives several undeliverable emails and becomes suspicious
- Outlook account breached without his knowledge
- Bad actor sends up to 800 spam emails in executive’s name – putting recipients at risk of identity and credit theft
- Executive used variation of breached password available on the dark web
It wasn’t just the executive who was at risk, a compromised Outlook account puts everyone connected to the account at risk – including the corporate network and email recipients.
After terminating access to the corporate Outlook account, the company’s IT team contacted BlackCloak. We initiated a comprehensive discovery and remediation plan to determine if bad actors were at work and recommend cybersecurity risk mitigation actions.
- Conduct forensic investigation to determine if Outlook account had been hacked
- Assess impact on executive and company
- Understand privacy and security controls across all personal accounts
- Review of dark web for stolen credentials
- Secure email account for further risk mitigation
Putting the Plan into Action
The company’s IT team reviewed BlackCloak’s plan and instructed us to remove the threat and protect the account against future attacks.
- Launched a forensic investigation and determined the Outlook account was hacked
- Attack originated from previously breached Azure virtual machine
- Discovered that executive was using a variation of breached password leaked on the dark web
- Implemented multi-factor authentication on all accounts, changed passwords, documented damage, and removed threat.
- Scanned dark web for exposed passwords and removed credentials from data broker sites