
Industry News: ESG5

      Know Your Breach: SANS Institute

      Aug 21, 2020 3:11:30 PM

      The target: SANS Institute, a cybersecurity training firm.

      The take: 28,000 records of Personally Identifiable Information including: names, job title, industry, home address and country of residence.

      The attack vector: The attack occurred through a “consent phishing” scam, where the attacker attempts to trick employees into installing a malware app or granting it permissions to access sensitive data or execute dangerous commands. The phish in this case was designed to replicate a SharePoint link via O365. After the employee clicked the link and authorized the installation of the malware, a forwarding rule was created, sending 513 emails to the anonymous hacker.

      This breach demonstrates that critical thinking and scrutiny are essential when dealing with e-mail communication. Performing the ‘hover test’ to validate links in incoming mail and validating the message sender are critical for avoiding these phishing attacks.
