Hackers stole approximately 500K from the city of Tallahassee, Florida, by diverting city employees’ paychecks. The attackers hacked a third-party vendor that provides the city’s payroll services, and then redirected direct deposit payments to attacker-controlled accounts.
Tallahassee officials learned about the attack after they were contacted by the city’s bank. The incident is still under investigation; however, Alison Faris the city spokewoman stated that the attack is suspected to have originated outside of the US.
According to City officials, attackers are trying to compromise the city’s defenses every day, and last month a malicious Dropbox link was sent out from the email account of the city manager. Officials don’t believe this attack was related to the payroll theft, although IT experts noted that this type of phishing attack is often a precursor to more advanced attacks.
Blake Dowling, CEO of Aegis Business Technologies, states that usually the way they get in is through email.
Even secure networks are vulnerable to employees making a simple mistake and accidentally opening the door to an attacker. Supply-chain attacks such as this one can have far-reaching impacts that can cripple a vendor’s reputation. New-school security awareness training can help your employees defend themselves against phishing attacks. Learn more about Layer 7 Data Solutions Security Awareness training program: http://layer7data.com/SecurityAwareness