18.6 C
Munich
Wednesday, July 28, 2021

Spooked by website hacking, ad firm beefs up security, stops using default passwords, Tech News News & Top Stories

Must read

SEC Weighs Making Companies Liable for Climate Disclosures

WASHINGTON—Public companies could be required to disclose climate-change related risks to investors in regulatory filings...

Raptors keeping options open heading in to draft

By Staff The Canadian Press Posted July 28, 2021 1:07 pm Smaller font Descrease article font size -A Larger font Increase article font size A+

Canadiens team owner Geoff Molson says they let fans down by drafting Logan Mailloux

Montreal Canadiens owner Geoff Molson has apologized for the “offensive” decision to draft defenceman Logan Mailloux, who was charged with sharing non-consensual sexually explicit...

SINGAPORE – A simple, default password shared by employees was possibly the weak link that allowed hackers to break into advertising and creative agency Splash Productions’ website and deface it.

The incident, which happened about five to six years ago, was a wake-up call that spurred the company to drastically improve its cyber security with a slew of measures to avoid a repeat.

This included getting physical security keys for staff to act as a two-factor authentication (2FA) to log into work devices, enforcing the use of strong passwords, encrypting data on computers, and setting up security software to detect suspicious activities.

The company’s creative director, Mr Stanley Yap, told The Straits Times that these investments were necessary.

Even though the firm’s website hacking incident did not result in too much damage – there was no financial loss, some lost data was recovered from backups and its clients faced some inconvenience trying to find out about Splash – the company did not want to become an easy target for cyber crooks.

“As a partner and vendor, we should keep our security strong so that we don’t become the loophole for hackers to take over our clients’ microsites, websites or social media platforms (which we manage),” explained Mr Yap. “It’s not just about our work but our clients’ platforms as well.”

Splash has done work for many government agencies and businesses.

And the password that might have been at the root of the firm’s hacking incident? It was likely the default password “admin”, which Splash did not change at the time.

BH Global is another company that took steps to protect itself after a security scare.

The supplier of electrical products to the marine and offshore sector had nearly fallen for a sophisticated phishing scam in which crooks posed as a vendor the firm often worked with.

Mr Patrick Lim, group chief operating officer of BH Global, said that about nine to 10 years ago, a regular supplier from China had, out of the blue, requested for advance payment over e-mail.

When questioned by Mr Lim, the “supplier” explained over e-mail that he needed the money earlier because his cashflow was tight.

The crooks were able to produce a legitimate-looking invoice that followed the same formatting for such documents that BH Global was familiar with and even cited products that the company usually bought from the supplier. This made it seem less likely to be a fake request.

Thinking nothing was amiss – Mr Lim also checked the supplier’s e-mail address many times and it was correct – he asked his firm’s finance department to make the payment of about US$80,000 (S$108,000).

But later in the day, the bank processing the payment called to alert BH Global that it was unusual for a supplier from China to have an account in Canada for accepting payments.

Mr Lim realised he had been duped and the payment was cancelled. He later found out the supplier had been hacked and crooks were impersonating him to trick others with fraudulent payment requests.

Determined to prevent history from repeating itself, BH Global realised that in trying to protect itself, it could offer cyber-security services to other companies too.

So about two years after the phishing incident, BH Global set up Athena Dynamics, which was spun out of the firm’s group IT department.

One method the firm uses to help minimise hard-to-detect phishing attacks involves crushing any malware hidden in files by converting them into another file format and then converting them back.

Such “detectionless sanitisation” technology, that does not depend on detecting suspicious activity, can be used to “cleanse” e-mail attachments of malware.

Still, Mr Lim said: “Educating staff is also very important – not opening attachments and how to identify wrong e-mail addresses.”

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

SEC Weighs Making Companies Liable for Climate Disclosures

WASHINGTON—Public companies could be required to disclose climate-change related risks to investors in regulatory filings...

Raptors keeping options open heading in to draft

By Staff The Canadian Press Posted July 28, 2021 1:07 pm Smaller font Descrease article font size -A Larger font Increase article font size A+

Canadiens team owner Geoff Molson says they let fans down by drafting Logan Mailloux

Montreal Canadiens owner Geoff Molson has apologized for the “offensive” decision to draft defenceman Logan Mailloux, who was charged with sharing non-consensual sexually explicit...

Google’s Costs Have Catching Up to Do

Google’s great quarter may have been a little too great. ...