Security newsflash: Network intrusion detected & Investigation underway.

Aug 16, 2022

Overview:

  • We had a network intrusion over the weekend.
  • Our Encrypted SIM service was not affected by this at all (it is hosted abroad).
  • There has been no data loss on initial investigation & as a mitigation strategy we only keep the bare minimum anyway.
  • We are experiencing significant delays processing orders as all equipment required cleansing.

What is this about?
This is a security update to advise on a data breach discovered on Friday. Our network has been penetrated and the perpetrators have been hiding within the network, both monitoring our traffic & actively changing files. The attack is the most sophisticated I have seen.

Why have you not swept it under the carpet?
Whilst we have a legal obligation to disclose this, I am of the opinion most firms ignore this in the belief it will bring negative PR. However, having trained as a soldier & a keen martial artist I've come to firmly believe that your security is based on trusting the man next to you. The moment that trust slips then questions erode the security. So in this instance our integrity must also show the bad with the good so you can make an informed decision.

I thought you didn't get hacked?!?
Due to our work, we are always a higher-value target than a regular firm. Credit where credit is due, our password policy of not recycling passwords and keeping them in a password safe slowed down the attackers by a magnitude of 100. Our strategy of not keeping data & locking devices helped keep the attackers out.

How bad is it?
On the face of it this sounds quite bad; however, I can assure you our security precautions have slowed down the attack considerably, meaning their final goal has been stopped and dangers mitigated.

Has any client data been lost?
At this stage it is too early to say, however the patterns emerging appear to indicate that this is not the main focus. What we can advise is that we do not keep any client data in house beyond what is required to complete transactions, i.e. contact details and addresses. We do not keep client data beyond what is absolutely necessary, so clients do not need to worry.

Is there anything I need to be aware of?
We feel the biggest risk is scammers calling clients with offers of fake deals. Please ensure any calls or emails from us are genuine before conducting business.

Wow-how did this happen?
Initial investigations have indicated the hackers compromised our router before moving onto our computers (and making use of a novel vulnerability in Dell's diagnostics tool). Once one system was breached, it appears they reprogrammed the router to push malware onto nearby devices.

What are we doing about it?
We are operating at a limited rate just now whilst we investigate the attack. On initial discovery we removed all infected devices from the network and then most of the network too. Whilst the damage has been reasonable to moderate (due to how time-consuming it was)

Due to the scale of the attack plus the unknown variables I am making forensic copies of all drives & retiring the compromised network. Regarding our working machines, we have removed all hard drives and will replace them to ensure a secondary attack doesn't happen through malignant files lying dormant.

Final thoughts on the topic:
No client orders have been impacted by this but delays have occurred in manufacturing. Please get in touch should you have any further concerns.

Lastly, we are seeking the help of hackers & other brainiac clients working on the side of god to assist in establishing the attack origins - thankfully, we keep good relations with the "red team" & should evidence point to another firm we will pursue the matter using all channels available to us.