The Challenge
A 15-person law firm was dealing with nonstop fraudulent bank and credit card activity. They had cybersecurity monitoring through their MSP, but the MSP’s anti-virus was inadequate and failed to detect the threat. The firm tried to contain the damage by changing bank accounts and credit card numbers multiple times, but the fraud kept coming back.
What Happened
The attacker’s foothold was hiding in plain sight: a malicious Excel macro on the finance manager’s laptop.
Each time the firm created new account numbers, the finance manager updated an Excel spreadsheet to track them. The macro was scraping data from Excel files, so every “new” account number was immediately harvested and sent back to the attacker.
Result: the firm kept changing numbers, and the attacker kept getting the updated numbers. It was basically a subscription service, just not the one anyone wanted.
Why It Matters
Changing bank accounts does not solve the problem if the device that generates and stores those numbers is compromised. Without proper endpoint protection and macro controls, the attacker can stay in the loop indefinitely.
Gipson Cyber’s Response:
→ Began investigation immediately
→ Root cause ID’d within 1 hour
→ Eradicated the malicious macro
→ Stopped the data breach
The Outcome
- The fraud cycle stopped after eradication.
- The laptop was cleaned and validated.
- Risk is locked down to prevent recurrence.
- Monitoring controls were strengthened.