Industry News: Cyber

Know Your Breach: SANS Institute

Written by Cybersecurity | Aug 21, 2020 7:11:30 PM

The target: SANS Institute, a cybersecurity training firm.

The take: 28,000 records of personally identifiable information (PII), including names, job titles, industries, home addresses and countries of residence.

The attack vector: The attack occurred through a “consent phishing” scam, in which the attacker attempts to trick employees into installing a malware app or granting it permissions to access sensitive data or execute dangerous commands. The phish in this case was designed to replicate a SharePoint link via O365. After the employee clicked the link and authorized the installation of the malware, a forwarding rule was created, sending 513 emails to the anonymous hacker.

This breach demonstrates that critical thinking and scrutiny are essential when dealing with e-mail communication. Performing the ‘hover test’ to validate links in incoming mail and validating the message sender are critical for avoiding these phishing attacks.
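
A defender-side check for the pattern described above, as an added example that is not part of the original article: it scans mailbox audit records for forwarding rules that send mail outside the organization, and raises the severity when the same user approved an app consent shortly before. The records are constructed and simplified; the field layout, the internal domain list and the 24-hour window are assumptions.

```python
import json
import re
from datetime import datetime, timedelta

INTERNAL_DOMAINS = {"example.org"}      # assumption: domains owned by the tenant
CONSENT_WINDOW = timedelta(hours=24)    # assumption: consent-to-rule correlation window
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress"}
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# Constructed sample records, one JSON object per line (not data from the incident).
# Simplified from the Microsoft 365 audit log shape; treat the layout as an assumption.
SAMPLE_LOG = """
{"CreationTime":"2020-01-10T09:14:02","Operation":"Consent to application.","UserId":"alice@example.org"}
{"CreationTime":"2020-01-10T09:20:41","Operation":"New-InboxRule","UserId":"alice@example.org","Parameters":[{"Name":"ForwardTo","Value":"collector@mail.example.net"}]}
{"CreationTime":"2020-01-10T11:00:00","Operation":"Set-InboxRule","UserId":"bob@example.org","Parameters":[{"Name":"ForwardTo","Value":"bob.assistant@example.org"}]}
{"CreationTime":"2020-01-10T15:30:00","Operation":"Set-Mailbox","UserId":"carol@example.org","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:carol@personal.example.com"}]}
"""

def external_targets(record):
    """Return the forwarding addresses in a rule event that leave the tenant."""
    hits = []
    for p in record.get("Parameters", []):
        if p.get("Name") in FORWARD_PARAMS:
            for m in EMAIL_RE.finditer(p.get("Value", "")):
                if m.group(1).lower() not in INTERNAL_DOMAINS:
                    hits.append(m.group(0).lower())
    return hits

def find_suspicious_forwarding(log_text):
    """Flag external forwarding; 'high' if the user consented to an app just before."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    records.sort(key=lambda r: r["CreationTime"])   # ISO timestamps sort as text
    last_consent, findings = {}, []
    for r in records:
        when, user = datetime.fromisoformat(r["CreationTime"]), r["UserId"].lower()
        if r["Operation"].startswith("Consent to application"):
            last_consent[user] = when
        elif r["Operation"] in RULE_OPS:
            targets = external_targets(r)
            if targets:
                recent = user in last_consent and when - last_consent[user] <= CONSENT_WINDOW
                findings.append({"user": user, "targets": targets,
                                 "severity": "high" if recent else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_forwarding(SAMPLE_LOG):
        print(finding)
```
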
