
Network hack? Possibly spyware?

Hi everyone,

 

I have an attorney client whose email address was used to contact a customer asking for a wire transfer for a large sum of money. The attorney didn't send it, but rather a malicious person did.

 

My first thought was that some spyware picked up his email credentials and the malicious user combed through his contacts for a target. Also it's a possibility someone was shoulder surfing when he typed in his credentials and wrote down the info.

 

If credentials and sensitive info were stored locally or on the server, maybe his network has been hacked.

 

What would be your first thoughts, reactions, and steps taken in this scenario?

 

Thank you.

ASRock B550M PG RIPTIDE       Corsair Vengeance 16 GB DDR4             TEAMGROUP MP33 1 TB NVME SSD

AMD Ryzen 5 5600X                   Antec DF700 Case                                 MSI Radeon RX 580 4 GB ARMOR OC

 


E-mail spoofing, man-in-the-middle, spyware, etc.

 

I'd pull the entire network offline pending investigation. Every single machine should be taken off of the network, audited and hopefully problem found and fixed.

Remember kids, the only difference between screwing around and science is writing it down. - Adam Savage

 

PHOΞNIX Ryzen 5 1600 @ 3.75GHz | Corsair LPX 16Gb DDR4 @ 2933 | MSI B350 Tomahawk | Sapphire RX 480 Nitro+ 8Gb | Intel 535 120Gb | Western Digital WD5000AAKS x2 | Cooler Master HAF XB Evo | Corsair H80 + Corsair SP120 | Cooler Master 120mm AF | Corsair SP120 | Icy Box IB-172SK-B | OCZ CX500W | Acer GF246 24" + AOC <some model> 21.5" | Steelseries Apex 350 | Steelseries Diablo 3 | Steelseries Syberia RAW Prism | Corsair HS-1 | Akai AM-A1

D.VA coming soon™ xoxo

Sapphire Acer Aspire 1410 Celeron 743 | 3Gb DDR2-667 | 120Gb HDD | Windows 10 Home x32

Vault Tec Celeron 420 | 2Gb DDR2-667 | Storage pending | Open Media Vault

gh0st Asus K50IJ T3100 | 2Gb DDR2-667 | 40Gb HDD | Ubuntu 17.04

Diskord Apple MacBook A1181 Mid-2007 Core2Duo T7400 @2.16GHz | 4Gb DDR2-667 | 120Gb HDD | Windows 10 Pro x32

Firebird//Phoeniix FX-4320 | Gigabyte 990X-Gaming SLI | Asus GTS 450 | 16Gb DDR3-1600 | 2x Intel 535 250Gb | 4x 10Tb Western Digital Red | 600W Segotep custom refurb unit | Windows 10 Pro x64 // offisite backup and dad's PC

 

Saint Olms Apple iPhone 6 16Gb Gold

Archon Microsoft Lumia 640 LTE

Gulliver Nokia Lumia 1320

Werkfern Nokia Lumia 520

Hydromancer Acer Liquid Z220
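One concrete first step that separates the "e-mail spoofing" hypothesis above from a stolen-credentials scenario is to read the headers of the fraudulent message the customer received. The following is an added example written for this thread, not code posted by anyone in it: it parses a raw message with Python's standard `email` module, pulls the SPF/DKIM/DMARC verdicts out of the receiving server's `Authentication-Results` header (the RFC 8601 format), and flags a `Reply-To` that diverts replies away from the attorney's domain. The two sample messages are constructed, the domains are placeholders, and the verdict rules are a deliberate simplification of what a mail admin would apply.

```python
"""Triage a suspicious wire-transfer e-mail from its headers.

Added example for this thread (not from the original posts). The sample
messages below are constructed; lawfirm.example etc. are placeholder domains.
"""
import email
import re
from email.utils import parseaddr

# Constructed sample 1: the From header is forged by a third-party relay.
# SPF and DMARC fail, and Reply-To points at a lookalike domain ("firrn").
SPOOFED_MSG = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.customer.example; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=lawfirm.example
From: "Jane Attorney" <jane@lawfirm.example>
Reply-To: <jane@lawfirrn-example.com>
To: client@customer.example
Subject: Wire transfer instructions

Please wire the settlement funds today.
"""

# Constructed sample 2: same From, but every check passes, so the message
# really left the firm's own mail system. Reply-To still diverts replies.
COMPROMISED_MSG = """\
Return-Path: <jane@lawfirm.example>
Authentication-Results: mx.customer.example; spf=pass smtp.mailfrom=lawfirm.example; dkim=pass header.d=lawfirm.example; dmarc=pass header.from=lawfirm.example
From: "Jane Attorney" <jane@lawfirm.example>
Reply-To: <jane.attorney.esq@webmail.example>
To: client@customer.example
Subject: Wire transfer instructions

Please wire the settlement funds today.
"""

# Matches "spf=pass", "dkim=none", "dmarc=fail" inside Authentication-Results.
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")


def parse_auth_results(header: str) -> dict:
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...} found in the header."""
    return {method: result for method, result in AUTH_RE.findall(header.lower())}


def domain_of(addr_header: str) -> str:
    """Lower-cased domain part of an address header, '' if absent."""
    return parseaddr(addr_header)[1].rpartition("@")[2].lower()


def triage(raw: str) -> dict:
    """Classify a raw message as spoofed, sent from the real mailbox, or unclear."""
    msg = email.message_from_string(raw)
    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg.get("Reply-To", "")) or from_domain
    auth = parse_auth_results(msg.get("Authentication-Results", ""))

    # Simplified rule set (an assumption of this example, not a standard):
    # DMARC pass means the message came through infrastructure authorised for
    # the From domain, so the mailbox itself was most likely used; an explicit
    # fail means the sender was forged from outside.
    forged = any(auth.get(k) == "fail" for k in ("spf", "dkim", "dmarc"))
    if auth.get("dmarc") == "pass":
        verdict = "account_compromise"
    elif forged:
        verdict = "spoofed"
    else:
        verdict = "inconclusive"

    return {
        "from_domain": from_domain,
        "reply_to_domain": reply_domain,
        "reply_to_mismatch": reply_domain != from_domain,
        "spf": auth.get("spf", "none"),
        "dkim": auth.get("dkim", "none"),
        "dmarc": auth.get("dmarc", "none"),
        "verdict": verdict,
    }


# Defender-side follow-up per verdict (the response steps this thread discusses).
NEXT_STEPS = {
    "spoofed": "Sender was forged: publish/enforce SPF, DKIM and DMARC for the "
               "firm's domain and warn clients to verify wire details by phone.",
    "account_compromise": "Real mailbox used: reset the password, revoke active "
                          "sessions, enable MFA, check for forwarding/inbox rules, "
                          "then scan the workstation for credential-stealing malware.",
    "inconclusive": "Get the full original headers from the recipient before deciding.",
}

if __name__ == "__main__":
    for label, raw in (("spoofed sample", SPOOFED_MSG),
                       ("compromised-account sample", COMPROMISED_MSG)):
        result = triage(raw)
        print(f"{label}: {result}")
        print("  next:", NEXT_STEPS[result["verdict"]])
```

The headers the customer forwards must be the original ones (most clients offer "show original" or "view source"); a forwarded copy re-wrapped by the customer's own mail client loses the `Authentication-Results` the receiving server added, and the script will report `inconclusive`.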


4 minutes ago, revsilverspine said:

E-mail spoofing, man-in-the-middle, spyware, etc.

 

I'd pull the entire network offline pending investigation. Every single machine should be taken off of the network, audited and hopefully problem found and fixed.

I'm going to tell him to change his email password, run anti-virus/anti-malware, and I suppose the same with other client computers in the office.

 

Do you suggest anything with his firewall? I remember man-in-the-middle, but are there any steps you would take to tackle that in particular or any other possibility?


16 minutes ago, berderder said:

I'm going to tell him to change his email password, run anti-virus/anti-malware, and I suppose the same with other client computers in the office.

 

Do you suggest anything with his firewall? I remember man-in-the-middle, but are there any steps you would take to tackle that in particular or any other possibility?

Man-in-the-middle attacks are generally physical attacks where the perp intercepts traffic either from the network internally or from somewhere between the network and the ISP.

I'm kinda rusty on network security and software firewalls, since I've been using a hardware-based firewall for the past 5 or so years.
