Monash IVF Malicious Email Compromise Was Completely Avoidable
Late Tuesday, November 5th, the night of the Melbourne Cup, and early into Wednesday morning, Melbourne came under cyber-attack.
Our security team received an alert at 2:07am (Wednesday, November 6th) notifying us of an unusually high volume of attempts to brute force client accounts, flood our SMTP gateway and attack our internal storage devices.
These attacks are not unusual; however, this attack was very high in volume and frequency with each wave. We were not compromised, and neither were our client accounts.
In our review after things stabilised, we were able to confirm that the attackers had tried to spoof our zululabs.com domain using IP addresses from the IP range used in the attack.
The Zulu Trusted Sender DMARC Reports showed that attempts to use our email domain failed due to our compliant DMARC record and our implementation of only double check conformance.
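One way to run this kind of review against a DMARC aggregate (rua) report, as an added example that is not Zulu Labs' code or part of the original post: it totals messages that failed both aligned DKIM and SPF by source IP and separates those the receiver blocked from those delivered anyway. The report is a constructed sample in the RFC 7489 layout with no XML namespace; example.com and the IP addresses are placeholders.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed report in the RFC 7489 aggregate (rua) layout. example.com and the
# 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation placeholders.
def _rec(ip, count, disp, dkim, spf):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>{disp}</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>example.com</header_from></identifiers></record>")

SAMPLE_REPORT = (
    "<feedback><policy_published><domain>example.com</domain><p>reject</p></policy_published>"
    + _rec("203.0.113.7", 412, "reject", "fail", "fail")   # spoofing wave, blocked
    + _rec("203.0.113.9", 95, "reject", "fail", "fail")    # same range, blocked
    + _rec("198.51.100.25", 1300, "none", "pass", "pass")  # legitimate sender
    + _rec("198.51.100.40", 12, "none", "fail", "pass")    # passes on aligned SPF alone
    + _rec("203.0.113.7", 3, "none", "fail", "fail")       # failed DMARC but delivered
    + "</feedback>"
)

def summarize_spoofing(report_xml):
    """Group messages that failed DMARC (DKIM and SPF both unaligned) by source IP."""
    root = ET.fromstring(report_xml)
    blocked = defaultdict(int)    # failed DMARC and was rejected or quarantined
    delivered = defaultdict(int)  # failed DMARC but the disposition was "none"
    for row in root.iter("row"):
        ip = row.findtext("source_ip", "").strip()
        count = int(row.findtext("count", "0"))
        ev = row.find("policy_evaluated")
        if ev is None:
            continue
        dkim = ev.findtext("dkim", "fail").strip().lower()
        spf = ev.findtext("spf", "fail").strip().lower()
        if dkim == "pass" or spf == "pass":
            continue  # DMARC passes when either aligned check passes
        disp = ev.findtext("disposition", "none").strip().lower()
        target = blocked if disp in ("reject", "quarantine") else delivered
        target[ip] += count
    return {"policy": root.findtext("policy_published/p", "none").strip(),
            "blocked": dict(blocked), "delivered": dict(delivered)}

if __name__ == "__main__":
    result = summarize_spoofing(SAMPLE_REPORT)
    print("published policy:", result["policy"])
    for ip, n in sorted(result["blocked"].items(), key=lambda kv: -kv[1]):
        print(f"blocked   {ip:15} {n}")
    for ip, n in result["delivered"].items():
        print(f"DELIVERED {ip:15} {n}  (check for a receiver policy override)")
```

Aggregate reports arrive from outside receivers, so treat them as untrusted XML and parse them with a hardened parser such as defusedxml in production.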
Monash IVF Domain Fails Trusted Sender Score
At approximately the same time as we were under attack, Monash IVF was also attacked; however, Monash IVF was compromised. The attack used malicious email(s) to gain the access they required, and it is assumed, due to the mandatory reporting requirements of the Australian Data Protection laws, that personal data was accessed. You can read the ABC News article here.
The first thing we checked was the Trusted Sender Score for the domain monashivf.com, and we found that Monash IVF had not protected their domain from attack. Below you can see their Trusted Sender Score. A domain is required to score 7/10 or above to be deemed safe.
Conclusive Next Steps
Given the nature of the compromise, and the comparable outcome and circumstances to our simultaneous attack, Monash IVF would most likely not have been compromised if the Trusted Sender Program was implemented correctly.
For circumstances such as these we have the business rescue kit available for free; click on the button above. The rescue kit provides clear next steps and some template policies for organizations that have suffered from such an attack.
Melbourne IVF has a lot of personal information that would be very important to the participants of the IVF program. If they installed ransomware onto the network, the price to unlock the ransomed data would be significant.
We think it is worth noting that, if asked, we would advise their insurer that Melbourne IVF had not taken the correct steps to protect their domain from such an attack.
Trusted Sender has all of the functions you need to protect your email domain and to protect your staff as well as other email users. Implementations can be difficult, with the stakes high if you get it wrong. Remember that even good email can get blocked.
Please feel free to reach out and speak to one of our team if we can be of any assistance.