{"id":314,"date":"2023-07-04T23:35:23","date_gmt":"2023-07-04T23:35:23","guid":{"rendered":"https:\/\/smart.zadig.cloud\/?post_type=scenario&#038;p=314"},"modified":"2023-11-17T11:35:39","modified_gmt":"2023-11-17T11:35:39","slug":"rogue-invoice","status":"publish","type":"scenario","link":"https:\/\/smart.zadig.cloud\/it\/scenarios\/rogue-invoice\/","title":{"rendered":"Rogue Invoice"},"excerpt":{"rendered":"<p>Sometimes even a seemingly insignificant theft can have disastrous consequences for your business.<br \/>\nWorking remotely can expose you to significant risks, but we are here to help you block all the IT-related ones.<\/p>","protected":false},"featured_media":1764,"template":"","meta":[],"acf":{"stage":"This celebrated contractor agency has earned a reputation for excellence in managing large-scale construction projects. With a portfolio of diverse ventures, their team of skilled professionals operates across multiple locations, constantly moving between construction sites to deliver exceptional results.\r\n\r\n<strong>Embracing innovation and technology, the agency equips its employees with company-owned laptops that serve as a gateway to crucial resources. 
These devices enable seamless access to shared files and management software, empowering the team to stay updated on construction plans, collaborate effectively, and streamline communication with suppliers and stakeholders.<\/strong>\r\n\r\nBy leveraging technology as an integral part of their operations, this contractor agency remains at the forefront of the industry, consistently delivering exceptional projects while adapting to the demands of a dynamic and ever-changing construction landscape.","timeline_new":[{"title":"Day 1","content":[{"hour":"Afternoon","description":"At the end of the shift, the attacker steals a laptop from a worker's backpack, leaving the backpack untouched."},{"hour":"Evening","description":"Taking advantage of the absence of security measures like full disk encryption, the attacker easily installs spyware on the stolen laptop."}],"gravity":"#FFFFFF"},{"title":"Day 2","content":[{"hour":"Morning","description":"The owners report the theft to the authorities. Following this, a complaint is filed with the local police station."},{"hour":"Afternoon","description":"The attacker returns the laptop to the local lost and found, where it is immediately matched with the filed complaint and the owner is notified."}],"gravity":"#FFFFFF"},{"title":"Day 3","content":[{"hour":"Morning","description":"The laptop is retrieved and quickly inspected. 
Since there are no signs of tampering, it is considered safe, and the incident is closed as a simple incident rather than a theft."}],"gravity":"#FFFFFF"},{"title":"Day 4","content":[{"hour":"","description":"The laptop is returned to the worker, with a cautionary reminder to exercise greater vigilance in safeguarding their belongings in the future."}],"gravity":"#E7324A"},{"title":"Day 5","content":[{"hour":"","description":"Exploiting the spyware's capabilities, the attacker gains unauthorized access to the employee's email and shared drive credentials, opening a gateway to sensitive company information."}],"gravity":"#E7324A"},{"title":"Day 5-30","content":[{"hour":"","description":"Over the course of several weeks, the attacker meticulously studies the inner workings of the company, collecting valuable intelligence."}],"gravity":"#E7324A"},{"title":"Day 32","content":[{"hour":"","description":"Leveraging the information gathered earlier, the attacker initiates a social engineering attack on the secretary, convincing them that the client's phone number has changed."}],"gravity":"#E7324A"},{"title":"Day 35","content":[{"hour":"","description":"The attacker informs the secretary about a banking problem and requests a change in the payment's IBAN, along with a delay in the payment. The previously acquired insights enable the attacker to remain undetected, despite the secretary's suspicions."}],"gravity":"#E7324A"},{"title":"Day 37","content":[{"hour":"","description":"To finalize the attack, an urgent email is sent to the secretary, providing the new IBAN details and emphasizing the need for immediate payment to prevent potential new issues."}],"gravity":"#E7324A"},{"title":"Day 53","content":[{"hour":"","description":"Investigating the payment delay, the legitimate provider unravels the fraudulent scheme. 
The agency has to pay the bill once again."}],"gravity":"#E7324A"}],"consequences":[{"title":"Financial Losses","description":"Since the main goal of the attack was to hijack a payment, the company obviously suffered a very large direct financial loss. We can't forget, however, that reputational damage can also easily produce economic damage, and this is clearly the case."},{"title":"Privacy Violations","description":"Having gained access to all the company systems, the attacker also got access to loads of personal data of providers and clients. This is clearly a problem as many contracts are NDA-protected."},{"title":"Further Risks","description":"Even if the main attack ended, the insight gathered by the attacker exposes the company to the risk of other similar attacks in the future. And since the insights remain with the attacker, a password change is not enough to mitigate this risk."}],"the_other_way":"<strong>OFF-SITE WORKING IS CLEARLY RISKIER THAN ON-SITE WORKING,<\/strong>\r\nhowever there are a few precautions that could have stopped this attack, like applying full disk encryption to the device, or handling permissions safely.\r\nZADIG Smart can give you at least three complete solutions to stop this attack.","the_other_way_suggestions":[{"title":"Mobile Device Management","description":"A well-configured MDM could have enforced full disk encryption and remotely locked the device immediately after the theft, thus preventing the attack from taking place. In addition, it would also have helped to easily reconfigure the device after its return, allowing IT to just wipe it and get rid of the spyware","image":1782},{"title":"SSO","description":"Instead of having a single credential for everyone, SSO allows you to configure (in the service you are accessing) the same login you are already using for ZADIG Smart. 
This way, should a credential be compromised, it can easily be revoked for every service without impacting other users' workflow.\r\n","image":1787},{"title":"Compliant-Only Access","description":"To further enhance your security, we support the option to restrict access to our login only to compliant devices. This means that a session reuse on another non-enrolled device would have been impossible, thus preventing the attacker from gaining access to corporate resources","image":1781}]},"_links":{"self":[{"href":"https:\/\/smart.zadig.cloud\/it\/wp-json\/wp\/v2\/scenario\/314"}],"collection":[{"href":"https:\/\/smart.zadig.cloud\/it\/wp-json\/wp\/v2\/scenario"}],"about":[{"href":"https:\/\/smart.zadig.cloud\/it\/wp-json\/wp\/v2\/types\/scenario"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smart.zadig.cloud\/it\/wp-json\/wp\/v2\/media\/1764"}],"wp:attachment":[{"href":"https:\/\/smart.zadig.cloud\/it\/wp-json\/wp\/v2\/media?parent=314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}