
Kyocera solves the riddle of the man-in-the-middle

Cyber team helps protect one of our customers by disrupting a man-in-the-middle (MitM) phishing attack.

Kyocera’s cybersecurity team recently helped protect one of our customers by disrupting a man-in-the-middle (MitM) phishing attack and identifying compromised email accounts.

The team were alerted by a customer employee who had received a suspicious email from a colleague. During their investigation, the team discovered that this was in fact a phishing email, and that the cloud-hosted document it claimed to link to was actually a cloned page, created by the attacker to look like a legitimate login page, which would execute malicious operations. Once login details were entered, this page, hosted on the attacker’s server, would trigger a real multi-factor authentication (MFA) request which, unbeknownst to the user, would then grant the attacker, who was intercepting the user’s session, total access to their user account.

Our cybersecurity team realised at once that the colleague’s account was compromised, immediately informed the customer, and took action to restore security and remediate all compromised user accounts. We helped them send an awareness email to their staff to educate them and increase their security vigilance. In addition, we restricted non-UK traffic to their network, blacklisted the malicious URL contained in the phishing email, blocked the related IP addresses, and purged all phishing emails from the customer environment.

As a result, we were able to prevent further customer accounts from being compromised and ensure the customer went forward with a stronger security posture.

This story highlights the importance of having trained cybersecurity professionals available to investigate and quickly remediate issues, as well as the importance of human awareness, training and caution in preventing accounts from being compromised in the first place. 

If you receive an email that you were not expecting or that seems suspicious, and it includes links or requests to divulge confidential information, speak to your colleague to check its veracity, even if it appears to be from them, or report it as suspicious to your IT team immediately so they can investigate. Awareness and good judgement on the part of employees are just as crucial to ensuring an organisation’s security as the latest cybersecurity technology.

If you do believe a link to a document or other file hosted online is legitimate, when you reach the login page, have a look at the URL in your browser window to check before entering your details. Although cybercriminals running MitM attacks will do their best to fool you, the web address will never exactly match that used by Microsoft or Google, for example.
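The URL check described above can also be automated, for example in a mail gateway or a reporting tool. The following is an added example, not Kyocera's own tooling: it trusts a login URL only when the host matches an allowlist exactly. The allowlist contents, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration: use the login hosts of your own identity provider.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "accounts.google.com"}


def check_login_url(url):
    """Return (trusted, reason). Only an exact HTTPS host match is trusted."""
    try:
        parts = urlsplit(url.strip())
        # hostname is lower-cased and excludes userinfo and port
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if host in TRUSTED_LOGIN_HOSTS:
        return True, "exact match"
    # Everything below is a rejection; the reason only helps triage a report.
    if parts.username and parts.username.lower() in TRUSTED_LOGIN_HOSTS:
        return False, "trusted name used as userinfo before '@'"
    if any(trusted in host for trusted in TRUSTED_LOGIN_HOSTS):
        return False, "trusted name embedded in another host"
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return False, "internationalised host, possible homoglyph"
    return False, "host not on allowlist"


# Constructed sample URLs (the .example hosts are placeholders, not real indicators).
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com.sso-portal.example/common",
    "https://login.microsoftonline.com@sso-portal.example/",
    "http://accounts.google.com/",
    "https://accounts.goog1e.example/signin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        trusted, reason = check_login_url(sample)
        print(f"{'OK  ' if trusted else 'FAIL'} {sample} ({reason})")
```

The comparison is deliberately an exact match on the parsed host rather than a substring search, because the sample lookalikes all contain the genuine name somewhere in the URL.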


Learn more about our Cybersecurity services
