
Domino Effect: Halting Cyber Breaches in Their Tracks

In today’s interconnected world, cyber threats are evolving rapidly. One such threat, which we’ve termed the “Domino Attack,” can have devastating consequences if not addressed promptly. This article outlines the immediate steps to take when under such an attack and how to prevent it from impacting your company.

Understanding the Domino Attack

The Domino Attack is a multi-phase cyber threat that exploits trust relationships within your organization. The attack progresses through distinct phases, each building on the success of the previous one. Interrupting this sequence early is crucial to minimizing damage.

Phase 1: Initial Compromise

The attack often begins with a seemingly innocuous email from a trusted vendor. For example, an employee might receive an email that appears to come from Finance@IronCladCookware.com asking them to review a password-protected invoice. However, the sender’s domain is slightly altered, such as Finance@IronCldCookware.com, which is missing a single letter. Once the employee logs in to view the invoice, their credentials are stolen, giving hackers access to the company’s email system.

Phase 2: Registering a Look-Alike Domain

Hackers register a domain name that closely resembles the targeted company’s domain. This look-alike domain is used as a base for further attacks, making it difficult for employees to distinguish between legitimate and malicious emails.

Phase 3: Exploiting Trust Relationships

Using the compromised email account, hackers send emails to vendors, clients, and other contacts, exploiting the trust relationship. These emails often contain malicious links or attachments designed to steal credentials or install malware. The effectiveness of this phase lies in the fact that the emails appear to come from a trusted source.

Phase 4: The Domino Effect

As more people fall victim to the attack, the hackers gain access to additional email accounts, spreading the breach across multiple organizations. This is known as the Domino Effect, where the initial compromise leads to a cascade of further breaches.

Immediate Steps to Take

If your company is under a Domino Attack, follow these steps to mitigate the damage:

  • Step #1: Send a quick response email to all contacts, informing them of the bogus domain and the targeted attacks.
  • Step #2: Research the ISP of the newly registered domain name and send an abuse complaint about the phishing attack. Request that the domain be taken down immediately.

Preventive Measures

To prevent the Domino Attack from impacting your company, implement the following protective measures:

Basic Protection

  • Enable Multi-Factor Authentication (MFA) on all email accounts within your domain. This prevents hackers from accessing email accounts even if they have stolen credentials.
  • Train your employees to be vigilant about examining sender names and domain names in emails.
  • Regularly test your users with phishing emails to keep them alert and prepared.
  • Establish policies that outline requirements for training, information handling, mobile device management, and more.

Enhanced Protection

  • Implement financial safeguard policies that require verbal confirmation of all ACH and wire transfer instructions over the phone. Changed instructions should never be accepted via email.
  • Use a purpose-built SPAM filter that can examine emails and block SPAM designed to breach credentials.

Advanced Protection

  • Enable email filters to block look-alike domains (domains with 3 or fewer letter differences from your domain name).
  • Reject emails from domains less than N days old, where N is typically less than 14 days (2 weeks) but could be as much as 30 to 45 days.
  • Reject emails sent from foreign countries if your business only deals with North American vendors and clients.
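
As an added illustration (not code from this article or from any particular mail filter), the first two Advanced Protection rules can be expressed as a sender check: reject a domain within 3 edits of a protected domain, then reject one registered fewer than N days ago. The protected list, the placeholder `yourcompany.example`, the function names, and the sample dates are assumptions; the registration date is passed in rather than looked up.

```python
from datetime import date

# Assumptions for this sketch: the article's vendor domain plus a placeholder for your own.
PROTECTED = ("ironcladcookware.com", "yourcompany.example")
MAX_EDITS = 3        # "3 or fewer letter differences"
MIN_AGE_DAYS = 14    # the article's N

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(address: str) -> str:
    """Lower-cased domain part of an address; display names are not handled here."""
    return address.rsplit("@", 1)[-1].strip().rstrip(".").lower()

def evaluate(address: str, registered_on, today: date) -> str:
    """Return 'accept' or a 'reject: ...' reason for one sender address.

    registered_on is the domain's registration date (None if unknown); a real
    filter would obtain it from WHOIS/RDAP data, which this sketch does not query.
    """
    domain = sender_domain(address)
    if domain in PROTECTED:
        return "accept"
    for known in PROTECTED:
        if edit_distance(domain, known) <= MAX_EDITS:
            return f"reject: look-alike of {known}"
    if registered_on is not None and (today - registered_on).days < MIN_AGE_DAYS:
        return f"reject: domain younger than {MIN_AGE_DAYS} days"
    return "accept"

if __name__ == "__main__":
    today = date(2024, 1, 15)  # constructed sample inputs
    samples = [
        ("Finance@IronCladCookware.com", date(2015, 6, 1)),
        ("Finance@IronCldCookware.com", date(2024, 1, 12)),
        ("billing@fresh-supplier.example", date(2024, 1, 10)),
        ("orders@old-supplier.example", date(2012, 3, 4)),
    ]
    for addr, reg in samples:
        print(f"{addr:34} {evaluate(addr, reg, today)}")
```

A 3-edit threshold also matches unrelated names when the protected domain is short, so legitimate near-neighbours need an explicit allow-list entry. Plain edit distance does not catch look-alikes built from visually similar characters in internationalized domain names.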
