Protect Your Business by Staying Ahead of Hackers

18/04/2019


Cyber attacks are evolving. Is your cyber security plan evolving too?

The City of Ottawa’s treasurer fell victim to a popular cyber attack technique known as “whaling”. This threat compromises the email account(s) of a person in authority at an organization and sends email requests to personnel -- at the organization or a trusted third party -- to perform an action. In this case, the attacker requested a payment be made to a new wire address.

The organized criminals or threat groups responsible for these forms of attack often have a high success rate. MNP’s Cyber Incident Response team has responded to dozens of these incidents for both private and public organizations. For some organizations, the financial loss from a single whaling request exceeds $100,000 USD and can total in the millions of dollars.

The City of Ottawa is in a fortunate position, as the RCMP and the U.S. Secret Service have identified the likely fraudster involved and the City may recover some of its lost funds. Most organizations in this predicament are not so fortunate and typically do not recover any of their lost funds. Without the proper insurance, they may need to pay for this event in full.

Why is this form of attack, which results in an unauthorized wire transfer, so prevalent? Because it is easy. Attackers put in the minimum amount of effort required to achieve their goal. Successfully phishing an organization is easy, and compromising the trust system between people is simple. Once this stops being easy, attackers will find some other easy attack to achieve their goals.

This loss could have been avoided. CTV News reports that a similar attack within the City of Ottawa’s environment became evident in early 2018; however, it was not reported. We cannot speculate on the exact details of the event. However, had that event been reported, the City could have regarded it as a probable loss had it been successful, resulting in the implementation of preventive and mitigative controls.

This kind of incident is exactly what cyber security is meant to address. Organizations looking to defend against attackers must have three main practices: prevent, anticipate, and mitigate and respond. Effective threat intelligence processes can identify whaling as a prevalent attack being used globally and potentially against the organization itself, allowing the organization to address the attack by putting specific controls in place to prevent, anticipate, mitigate and respond. Your organization can stay one step ahead of the attacker.

Knowing what to do when an incident is identified and acting effectively within the first 24 hours is equally important. Effective response can help you recover and prevent losses by means of immediate actions, like identifying the unauthorized wire transfer mid-approval, halting it and removing the threat from the environment.

To learn more about defending your organization against cyber attacks, contact Danny Timmins, National Leader, Cyber Security, 905.607.9777, or Sam Smagala, Senior Consultant, Cyber Security, 905.607.9777.