Is your organizations data valuable to outside threats?

Whether or not your organizations data as valuable to outsiders depends heavily on what business you’re in.

Generally said, your organizations data is valuable :period.

There is an ever increasing amounts of data being taken from paper, and digitized.

Therefore they are not only victim to attempts of corporate espionage, but also to data collection spies, And even more persistent threats.

While ago I worked on a case of CEO Frade, in which the main enabler was the fact that the email server of the organization had a vulnerability, which was exploited, and allow the perpetrators to monitor email communication between the chief executive officer, and The chief financial officer.

This angle was then exposed by the attackers to lose a couple of million euros; unretrievable.

So you see, it’s not only corporate espionage that as a threat of valuable information, but much less appearing information can be utilized to harm your organization.

The most complex case of CEO Fraud… yet; and how to mitigate it.

CEO fraud was probably one of the most devious forms of cyber crime. Above that, it is the highest form of social engineering.

Do you know that feeling when you get to a project and you’re thinking: how in the hell could this have happened?

Recently happened to me in the form that I was called, and sitting in a helicopter being airlifted to a midsized organization in which The most complex case of the CEO Friday I’ve seen today it had happened.

In short: the perpetrators head injected malware into the email server of the organization, thereby being able to monitor both the CEOs and the CFO$ mailboxes permanently.

The CEO was about to contact to deal with an organization in London, and all of his itinerary was in his mailbox; even The telephone number of his hotel.

Long before this happened, the perpetrators had hired someone with a similar voice to that of the CEO, and above that spoke his native language. The CEO used Voice Memos frequently, which allowed the perpetrators to also copy a style of speaking.

The CEO arrived in London, and the deal did not come to fruition. However, the perpetrators called the CFO and the organization, and the impersonator they had hired claimed that the deal had in fact been signed.

The impersonator then gave the CFO the bank details upon which DCF I will execute the transfer of €25 million.

Upon the CEOs returned to the organization into the office A day later to see if I congratulated him to the deal closure.

The CEO then replied that the deal had not been closed, and the things started to unravel

The damage turned out mildly, and we put the necessary precautions and methodology is in place so that the kids like that can never repeat again; at least not with this organization.