The Target: MIDC, Maharashtra Industrial Development Corporation
The Take: $68,000.00
The Vector: A threat actor gained access to the firm’s CEO’s email account. With the compromised credentials, the attacker sent requests for fund transfers to an external account, to which the employees followed through.
This breach is a stark reminder of not only the importance of credential hygiene and authentication, as well as reminders about access and how attackers will be able to act with all the powers the breached accounts give them, but also for social engineering. These types of attacks exploit our innate desire to do tasks quickly without stopping to consider the nature of the request. At all times, requests for information or monetary payments should be approached with caution and deliberate, thoughtful action.