September 4, 2024

Mitigating Cyber Attacks: How TNL IT Secured a Law Firm's Future

In today's digital age, cybersecurity is paramount. Recently, TNL IT was engaged to assist a prominent law firm in the aftermath of a severe cyber-attack that resulted in identity theft. Their story highlights the critical importance of robust cybersecurity measures and the swift, decisive actions taken by TNL IT to safeguard their operations.

The Initial Breach

The law firm initially engaged a specialised cyber security firm to conduct a thorough investigation into the breach. The Incident Response Report uncovered significant vulnerabilities within the firm's IT infrastructure, setting the stage for TNL IT's involvement. Our mission was threefold: immediate threat remediation, upgrading the staff licensing and security model, and implementing Multi-Factor Authentication (MFA) across the board.

Our Immediate Response

  1. Immediate remediation: Upon engagement, our first task was to neutralise the immediate threat. We worked diligently to secure the firm's IT environment, ensuring no further breaches could occur.
  2. Microsoft 365 E5 upgrade: We transitioned all staff members to the Microsoft 365 E5 licensing model, providing advanced security features essential for a robust defence against cyber threats.
  3. Enforcing MFA: We implemented and strictly enforced MFA across the law firm, adding an essential layer of security to protect against unauthorised access.

The Follow-Up Attack

The attackers struck again, this time impersonating the firm through a domain name that closely resembled the firm's original domain name. This sophisticated attack once again resulted in identity theft, necessitating an immediate and comprehensive response from TNL IT.

Steps Taken:

  • Reporting the Incident: The law firm had previously reported the incident. We ensured that this new issue was added to the existing incident report.
  • Checking Account Security: We focused on securing the law firm’s tenant, implementing further lockdown measures.
  • Notifying Contacts: The law firm promptly contacted their client list, informing them of the breach and advising on precautionary steps.
  • Sending Takedown Requests: Our investigation identified multiple businesses facilitating the hosting of the phishing domain. We reported the abuse to Hostinger.com.au and Key-systems.net, requesting immediate takedown of the malicious domain.
  • Proactive Domain Acquisition: To prevent further impersonation attempts, we proactively purchased domain names similar to the firm's, thereby closing off potential avenues for the attackers.
  • Strategic Planning: In collaboration with the law firm, we developed a strategic plan to minimise the risk of future attacks, focusing on long-term cybersecurity resilience.

Moving Forward

Our engagement with the law firm extends beyond immediate crisis management. Recognising the need for a durable solution, we have conducted a comprehensive review and redesign of their Azure and Microsoft 365 tenancy's security and compliance framework. This initiative fortified their defences against future threats and ensured a secure operating environment.

Conclusion

The experience of this law firm highlights the ever-present threat of cyber-attacks and the necessity of robust, proactive security measures. At TNL IT, we are committed to providing top-tier cyber security solutions, helping our clients navigate the complexities of the digital landscape and safeguard their critical assets.

For more information on how TNL IT can help protect your business, contact us today.