We are a managed service provider (msp).
01110100 01101000 01101001 01101110 01101011 00100000 0100100100101110 01010100 00101110

From Compromise to Containment

How TSFMP Prevented a Financial Breach

Cybercriminals launched a complex attack on Company A’s Australian branch, aiming to infiltrate financial operations through deception and fraud. At the same time, the attackers attempted to breach their New Zealand branch using identical tactics.

Explore the full story below to see how TSFMP helped protect them.

What Happened?

Company A’s Australian branch experienced a sophisticated cyber-attack involving phishing, credential theft, and invoice fraud. The attackers exploited a file-sharing platform to deliver malicious files that bypassed standard email filters. Using specialised tools, they mapped out employee relationships and identified those with authority to approve invoices and authorise payments, enabling them to redirect legitimate payments to fraudulent accounts.

Simultaneously with the attack on the Australian branch, the perpetrators launched an identical breach attempt against the New Zealand branch, aiming to replicate their tactics and compromise systems in both locations at once. However, since the New Zealand branch is managed by Think I.T. and safeguarded by the Think Secure File & Mail Protection (TSFMP) solution, their efforts were quickly detected and blocked, preventing any further compromise.

 

Incident Summary

  • Attack Complexity: High
  • Process: File-sharing platform phishing → credential theft via EvilProxy → relationship mapping → invoice fraud
  • Impact: A payment was made to a criminal-controlled account. Company A was fortunate to be able to recover the payment through their banking partner, but it could have resulted in a significant financial loss.
  • Detection: Think I.T.’s TSFMP solution flagged suspicious login attempts and blocked access before the attacker could escalate in the NZ branch.

 

How TSFMP Stopped the Attack

Key Protective Features

  • False Travel Detection: TSFMP flagged a login attempt from the US just one hour after a NZ login, an impossible travel scenario, triggering immediate access revocation.
  • Advanced Threat Prevention: TSFMP blocked the phishing email before it reached the inbox, identifying the file-sharing platform’s link as suspicious.
  • Cloud-Native Integration: TSFMP’s integration with M365 allowed it to monitor and block malicious app attachments and unauthorised access attempts.
  • Geo-Blocking & MFA Enforcement: Post-incident, Think I.T. implemented geo-blocking and mandatory MFA to further harden the environment.
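
The false travel check described in the list above, as an added example (not TSFMP's or Think I.T.'s code): it compares consecutive sign-ins per user and flags any pair whose implied speed exceeds a ceiling. The `SignIn` record shape, the 900 km/h ceiling, the 100 km floor, and all usernames, times and coordinates are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0   # assumed ceiling, roughly airliner cruising speed
MIN_KM = 100.0    # assumed floor, ignores GeoIP jitter within one region

@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime   # all timestamps in UTC
    lat: float
    lon: float
    place: str

def km_between(a: SignIn, b: SignIn) -> float:
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(min(1.0, sqrt(h)))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (previous, current, km, kmh) for each pair of consecutive
    sign-ins by one user whose implied speed exceeds max_kmh."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev, last_seen[ev.user] = last_seen.get(ev.user), ev
        if prev is None:
            continue
        km = km_between(prev, ev)
        if km < min_km:
            continue
        hours = (ev.when - prev.when).total_seconds() / 3600
        kmh = km / hours if hours > 0 else float("inf")  # same instant, two places
        if kmh > max_kmh:
            alerts.append((prev, ev, km, kmh))
    return alerts

# Constructed sign-in records (users, times and coordinates are invented).
SAMPLE = [
    SignIn("cfo", datetime(2025, 1, 6, 8, 0), -36.85, 174.76, "Auckland, NZ"),
    SignIn("ap.clerk", datetime(2025, 1, 6, 9, 0), -36.85, 174.76, "Auckland, NZ"),
    SignIn("cfo", datetime(2025, 1, 6, 9, 30), -41.29, 174.78, "Wellington, NZ"),
    SignIn("ap.clerk", datetime(2025, 1, 6, 10, 0), 40.71, -74.01, "New York, US"),
]

if __name__ == "__main__":
    for prev, cur, km, kmh in impossible_travel(SAMPLE):
        print(f"{cur.user}: {prev.place} -> {cur.place}, {km:.0f} km at {kmh:.0f} km/h")
```

GeoIP coordinates are approximate, and VPN or cloud egress points shift a user's apparent location, so a rule like this is normally paired with an allow-list of known egress ranges before it drives automatic access revocation.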

 

This incident highlights how a layered, intelligent email and collaboration security solution like TSFMP can make the difference between a near miss and a costly breach. If your organisation isn’t currently using TSFMP, we’d love to help you explore how it can strengthen your cyber resilience.

Get in touch to learn more.
