In a recent study by the University of Maryland, it was reported that there are an estimated 2,200 cyberattacks every day, or approximately one every 39 seconds and more than 800,000 people fall victim to cyberattacks each year. As cybersecurity experts tasked with protecting our client’s businesses, we can relate to the increasing number of attacks, as well as their ever evolving sophistication. In particular, phishing attacks continue to push the boundaries of any business’s security defenses, particularly in how the human element comes into play. Recently, our team experienced a security incident that underscores the importance of vigilance, swift action, and user awareness. Here’s what unfolded in a recent attack we successfully thwarted, and the details as to how we responded to a phishing attempt that could have led to a severe data breach.

The Incident and How it Began

The incident began on the morning of July 17, 2024. One of our client’s employees received a seemingly “innocent” email with an ordinary subject line. Upon opening it, the user noticed something unusual. The email was completely blank, except for a Word document attachment containing a QR code.

At 09:11 AM PST, our security system triggered an alert when Microsoft flagged a risky login attempt, immediately notifying our SOC team of potential suspicious activity.

Rapid Response in Action

We acted immediately. By 09:15 AM PST, we had reviewed the alert, pinpointed the suspicious logins, and swiftly blocked the compromised account to prevent any further unauthorized access. Next, we contacted the affected user to gather more information. The user confirmed that they had scanned the QR code from the email using their personal phone, unknowingly entering their credentials into a phishing site. Although the attacker had managed to capture the login details, our quick response ensured they were blocked from causing any harm.

Locking Down the Threat

Our security protocols worked exactly as intended. Once the suspicious login was detected, our conditional access policy was automatically activated, preventing the attacker from accessing their systems.  With that, we knew additional steps were necessary to ensure this attack was stopped dead in its tracks. We immediately blocked the malicious website across all company devices and added the phishing domain to the block list. To further strengthen our client’s defenses, we enhanced the email filters to intercept any future attempts from high-risk regions.

Reminders for the Future

We were able to contain the incident swiftly, resulting in no impact on our client’s operations. This attack served as a crucial reminder that phishing techniques are becoming increasingly sophisticated and more difficult to detect.  Even with robust security measures, some threats can still bypass defenses. This underscores the importance of staying vigilant and is another reason why we continuously update our knowledge of the latest security practices in protecting our clients.

Staying Ahead of the Game – and the Human Factor

This incident highlighted that while technology plays a critical role, human awareness is equally vital. Our ongoing security awareness programs are an excellent resource for keeping our client’s informed about emerging threats and how to defend against them.

If you’re interested in understanding more about the tactics used in this incident, especially the use of QR codes in phishing, check out our recent blog article: The Rise of Malicious QR Codes in Phishing Emails. It’s packed with tips on how to recognize and avoid these kinds of scams.

Investing in Cybersecurity with NTS is easy

NTS provides comprehensive cybersecurity services as part of our managed services. Our customers receive a proactive, effective solution through high-quality tools employed by a team of experts with a broad and deep skill set. We provide foundational systems support that significantly maximizes network performance and uptime, while reducing risk of cyberattacks and malicious actions, allowing our clients to focus on their operations and customers. Schedule a consultation with NTS today!