Already been involved in reviewing incidents like this too many times. Any account at any org adds credibility to a request to change bank account, for paying an invoice, changing details on salary, or expenses, when sent to another organisation, or internally.
I think of it as the transformation from "correctly secured" to "limited by attacker's imagination and skill".
2FA isn't a cure-all but Microsoft were saying it cures >99% in practice (that figure may be falling fast but still).
------------------------------
Simon Waters
Founder
Insufficient Entropy
------------------------------
Original Message:
Sent: Aug 03, 2021 08:31:54 AM
From: Olivia Rempe
Subject: #TechTopicTuesday
#TechTopicTuesday Account Takeover: A cyber attack in which the hacker spends extended periods of time dormant in a compromised account, spreading silently until they have access to information that is valuable to them. They may use the account to attack other organizations.
True or False: The average person is not "important" enough to be valuable to an attacker.
------------------------------
Olivia Rempe
------------------------------