We were asked by company A, which has decided to conduct an audit of corporate security, knowing that, information is leaked to the corporate e-mail. Among A VPN and mail services that meet a high level of security audit information security was conducted, it is set. At the same time, according to the director, information leakage has not stopped, and after the audit.
Company ProtectMaster conducted additional audits, during which it was discovered that the so-called leakage occurred with the personal mail of one of the top managers, which he forgot to point out during the audit, and, moreover, continued to use for business purposes.
As it turned out later, the attacker regularly visited the same coffee shop, located next to the office of the company A, where dined top manager. The attacker, once intercepting authentication data to access mail.
Once learned, that used personal e-mail, found that the input side is carried out in a cafe. two-factor authentication and the necessary security policy has been set up to address top manager.
To calculate the attacker, ProtectMaster employee went to the same cafe at lunch time top manager and asked to be left on the administration, while the program is sniffing the network detection was put on it. As expected, the attacker went back to the cafe, because I thought that just changed the password, and decided to once again try to intercept the data. Malice was a former employee of the company. All information has been transferred to the customer to take appropriate decisions.