An African embassy is understood to have been breached for ten days in February, with cyber criminals gaining access to passwords, emails and data.
Andy Norton, intelligence threat director of Lastline, a malware protection provider, said: “We track infections from sophisticated tools. In the course of our investigation, one of the tools compromised was an African ambassador based out of Dublin.”
He added: “They were able to comprise email passwords and website passwords, which depending on the threat actor, can be used for the purposes of espionage, financial gain or a number of other purposes. Whoever perpetrated the breach would have been able to log in as the ambassador and send emails as the ambassador.
“They would have had access to read conversations or view any electronic information that was on their system. So they would have full access to the politically sensitive information.”
For security reasons, Norton could not reveal the country that was attacked. It says the breach has been rectified but added: “The potential for harm is certainly there.”
This is why organisations need layered security. An essential layer is penetration testing to root out vulnerabilities before cyber criminals have a chance to exploit them.
Penetration tests involve a professional tester, working on behalf of an organisation, looking for network and application vulnerabilities in the same way a criminal hacker would. By identifying and addressing vulnerabilities, ideally before releasing the product being tested, organisations can avoid having to patch software and, more importantly, prevent a cyber criminal from discovering the vulnerability.
IT Governance is a CREST-accredited provider of penetration tests. We offer a range of services to help organisations of all sizes manage their cyber security strategies.