Counter-measures Against a Cyber Attack

The digital transformation has permeated all aspects of society – connecting people, fuelling job opportunities and economic growth globally. However, its pervasive nature has also unleashed a Pandora’s box of cybercrimes. 

In the Singapore Cyber Landscape 2018 report by the Cyber Security Agency of Singapore, online crimes showed no signs of abating. In 2017 a total of 5,351 cases were reported. This has increased to 6,179 cases in 2018. We have seen cyberattacks attempted even against organisations that invest heavily in cybersecurity – Facebook, Google+, SingHealth, Cathay Pacific Airways, Marriott Starwood hotels, etc. It seems that there are no permanent solutions against cybercrimes. But despite this, we should and can minimise the risks and be vigilant against threats to our organisations.

It is imperative that organisations update themselves with the latest tools and counter-measures against cybercrimes. But what can you do when you are actually hit by a cyber-attack? 

You will need an Action Plan which can be rolled out immediately for damage-control. 

For example, a phishing email got into your email system – a common one nowadays would be an email pretending to be from Microsoft asking you to update your computer’s email system. 

– Once opened, the scammers will be able to obtain your office email system’s password

– Subsequently, they are able to infiltrate your email system without your knowledge

– They study and monitor correspondences (emails) in the office for a while

– Finally, they choose a target and devise a plan to cheat the organisation

– In one case that we had dealt with, they pretended to be the CFO and sent out instructions using the CFO’s email account

– To ensure that the CFO remained unaware of this email, they cut off the return route of the said email by manipulating the email system – the CFO did not know the scammers were sending out emails in his name

– The email contained fake communications between the CFO and the Chairman about some payments to be made to an account

– The same email from the CFO asked for payments to be made to a specific account for an investment to be made

– The treasury department made the payment upon the receipt of the fake email as it was urgent and the CFO was out of town

As we know, preventive measures are a must, but as these are not infallible, one must have an effective Action Plan to react quickly and effectively when under attack. This will help you to carry out damage-control and ensure minimal financial losses to your organisation. Depending on the situation that arises, there are variations to such plans. Above is a classic example of a plan you can adopt when you know you have been hit by a cyber-attack. This was adapted from a case where our client was guided to take these measures and recovered 90% of a multi-million-dollar scam that was carried out.


The Action Plan

Step 1: Immediately call the banks to stop all transactions (both your bank and the scam’s bank). Inform them that you are a victim of a scam. Record the conversation with bank officers where possible. Record bank officers’ names, time and date of conversation, etc.

Step 2: Lodge a police report in Singapore and at the jurisdiction where the scam’s bank account is situated.

Step 3: Lodge a Suspicious Transaction Report (STR), in both Singapore and the other jurisdiction. 

Step 4: Immediately forward all reports to the banks involved. Record this event too. Forward all reports to MAS and the relevant monetary authority of the other jurisdiction. 

Step 5: Immediately notify your IT department to change the admin password of your office email admin system. Keep the admin password to a select few until a proper check is carried out to identify where and how the phishing email had infiltrated the office’s email system.

Step 6: Inform the legal department to commence communication to banks to demand the refund of proceeds in the said bank’s accounts. Copy this to the relevant police departments.

Step 7: Engage cyber specialists (RHT Intelligence Network) to investigate how the cyber-attack had taken place:

– Was there collusion between someone in company with the scam group?

– Was it through a phishing email?

– Was it through a fake Wi-Fi in a public place?

– Who or which department was likely to be the target?

The investigations can help the affected organisation to prevent future lapses. It can also identify the target(s) of the cyber-attack and support civil and criminal proceedings.