{"id":13268,"date":"2025-02-07T09:59:00","date_gmt":"2025-02-06T20:59:00","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=13268"},"modified":"2025-02-07T09:59:00","modified_gmt":"2025-02-06T20:59:00","slug":"that-day-when-a-kinetics-client-didnt-get-hacked","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=13268","title":{"rendered":"That day when a Kinetics client DIDN\u2019T get hacked."},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

We\u2019ve just wrapped up a security investigation for one of our amazing clients.\u00a0 All of our clients are amazing, but as you read this story, you\u2019ll see why we\u2019re especially proud of this client.<\/p>\n

We\u2019ve anonymised it out of respect, although this story reflects really well on our customer.<\/p>\n

They work in law, and provide property services to clients locally and around the world.\u00a0 One of their senior people had been corresponding via email with a new client over several days, discussing property law and providing service quotes.\u00a0 After gaining the trust of our client, their correspondent sent a link to what they claimed were documents related to their property.<\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”1_2″ _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

Client 1: Hacker 0<\/h2>\n

Thankfully, our client was suspicious of the link.\u00a0 That\u2019s a testament to our effective security training. Upon investigating, we discovered the link directed to a SharePoint site hosting a OneNote page belonging to a law firm based in the UK. The OneNote page contained a link to a PDF, which, when clicked, opened a Microsoft login phishing site. This site was prepopulated with our client\u2019s email address in an attempt to steal their password.<\/p>\n

It appears the UK-based law firm had fallen victim to the same phishing attack, and their infrastructure is now being used as part of the attacker\u2019s operation.<\/strong><\/p>\n

We\u2019re genuinely proud of the robust security measures we provide our customers. Kinetics KARE Foundation <\/a>blocked access to the malicious site, and our web browser protection flagged the active threat immediately. Additionally, our stringent conditional access policies and MFA protections ensured that even if the client had clicked the link, we\u2019re confident their account would have remained secure.<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_image src="https:\/\/new.kinetics.co.nz\/wp-content\/uploads\/2025\/02\/Phisherman.jpeg" title_text="Phisherman" _builder_version="4.27.4" _module_preset="default" border_radii="on|30px|30px|30px|30px" box_shadow_style="preset1" global_colors_info="{}" theme_builder_area="post_content"][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_text _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"]<\/p>\n

Three different security layers came together.<\/h2>\n

These were our training and awareness program, our email scanning and our browser behaviour scanning.\u00a0\u00a0 They were all in place and effective.\u00a0 Interestingly, one layer, our DNS filter, did not detect this risk because the compromised site was too recent and hadn\u2019t been reported at the time.\u00a0\u00a0 Fortunately, the other security layers caught the risk and protected our client.\u00a0 There was no way they were going to fall victim to this fraud in the same way that the UK law firm had.<\/p>\n

This was a sophisticated attack.\u00a0 The hacker had spent the time to prepare their trap.\u00a0 They were plausible and built up trust, and they used a law firm to target our client, like any one of a number of legitimate requests this client receives.\u00a0 They were clever, but fortunately not clever enough.<\/p>\n

Our lessons:<\/h3>\n
    \n
  • Multiple security layers are a must. If one fails, the others will still be working<\/li>\n
  • Be vigilant at all times<\/li>\n
  • Hackers are investing time and working to bait victims with very plausible lures.<\/li>\n<\/ul>\n

     <\/p>\n

     <\/p>\n

    [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

    We\u2019ve just wrapped up a security investigation for one of our amazing clients.\u00a0 All of our clients are amazing, but as you read this story, you\u2019ll see why we\u2019re especially proud of this client. We\u2019ve anonymised it out of respect, although this story reflects really well on our customer. They work in law, and provide […]<\/p>\n","protected":false},"author":5,"featured_media":13269,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-13268","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/13268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13268"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/13268\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}