Management Consulting
Aon
Full Credential Description
While investigating suspicious emails sent from an employee account at a global management consulting firm, Aon found that an external threat actor had repeatedly accessed the account despite multi-factor authentication (MFA) being enabled, a classic Business Email Compromise (BEC). Push-based MFA prompts are only generated after a correct password has been entered, so the repeated prompts meant the attacker already held valid credentials and was relying on the second factor failing. It did: the employee had been receiving numerous MFA push notifications throughout the day and had fallen into the habit of approving them without checking whether they had initiated a sign-in, a pattern commonly referred to as MFA fatigue. Each approval handed the attacker a live session.

The compromised employee worked in the finance department, which routinely handled money transfers, so the attacker gained access to sensitive financial information and attempted a fraudulent payment. The attempt failed because the firm's financial controls required multiple independent approvals both for setting up a new payee account and for releasing payments. Those controls did more than block the transfer: the out-of-band approval request is what surfaced the intrusion and allowed the firm to detect and contain it promptly. The case shows that MFA on its own is not sufficient; compensating controls downstream of authentication are what limit the damage when the second factor is worn down or bypassed.

To strengthen defences against this class of attack, Aon recommends that organizations adopt a "defend forward" approach to cyber risk. For MFA specifically this means moving to hardware-based MFA tokens, enabling number matching in authenticator apps (the user must type a code displayed on the login screen into the app, so a prompt cannot be approved blindly), limiting the number of push notifications that can be sent to a user within a short window and alerting on users who hit that limit, and training users on which actions legitimately trigger an MFA prompt so that an unexpected one is treated as a warning sign rather than an annoyance. Together these measures remove the attacker's ability to simply keep asking until someone says yes.
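The two push-related recommendations above (limiting pushes per user and detecting the fatigue pattern) are straightforward to express as log analysis. The following Python is an added example written for this page, not Aon's tooling or anything from the client engagement. The event schema (`ts`, `user`, `ip`, `result`) and the result values `mfa_denied`, `mfa_timeout` and `mfa_approved` are assumptions standing in for whatever your identity provider exports; the sample events are constructed to mirror the case: a burst of unanswered prompts from one source followed by a blind approval, beside a user who mistypes once and then signs in normally.

```python
"""Detect MFA-fatigue patterns and enforce a push rate limit over sign-in events.

Added example; the event schema and result codes are assumptions, not a real
IdP's format. Map your provider's fields onto them before use.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real client data). Timestamps use explicit
# UTC offsets so datetime.fromisoformat() parses them on any Python 3 version.
SAMPLE_EVENTS = [
    # Attacker holding a valid password hammers the finance user with pushes...
    {"ts": "2024-03-04T09:00:05+00:00", "user": "finance.user@example.com", "ip": "203.0.113.7", "result": "mfa_denied"},
    {"ts": "2024-03-04T09:01:40+00:00", "user": "finance.user@example.com", "ip": "203.0.113.7", "result": "mfa_timeout"},
    {"ts": "2024-03-04T09:03:12+00:00", "user": "finance.user@example.com", "ip": "203.0.113.7", "result": "mfa_denied"},
    {"ts": "2024-03-04T09:04:50+00:00", "user": "finance.user@example.com", "ip": "203.0.113.7", "result": "mfa_timeout"},
    # ...until the user approves one without looking.
    {"ts": "2024-03-04T09:06:30+00:00", "user": "finance.user@example.com", "ip": "203.0.113.7", "result": "mfa_approved"},
    # A second user declines one prompt, then approves a genuine sign-in: not fatigue.
    {"ts": "2024-03-04T09:10:00+00:00", "user": "other.user@example.com", "ip": "198.51.100.4", "result": "mfa_denied"},
    {"ts": "2024-03-04T09:10:45+00:00", "user": "other.user@example.com", "ip": "198.51.100.4", "result": "mfa_approved"},
]

# Prompts the user did not approve: either explicitly denied or left to expire.
UNANSWERED = {"mfa_denied", "mfa_timeout"}


def parse_events(raw_events):
    """Convert ISO-8601 timestamps to aware datetimes and sort chronologically."""
    parsed = ({**e, "ts": datetime.fromisoformat(e["ts"])} for e in raw_events)
    return sorted(parsed, key=lambda e: e["ts"])


def find_mfa_fatigue(raw_events, window=timedelta(minutes=10), min_prompts=3):
    """Flag every approval preceded by at least `min_prompts` unanswered pushes
    within `window`. Also records whether all those pushes came from the same
    source IP as the approval, which strengthens the case for a single actor."""
    by_user = defaultdict(list)
    for e in parse_events(raw_events):
        by_user[e["user"]].append(e)

    alerts = []
    for user, events in by_user.items():
        for i, e in enumerate(events):
            if e["result"] != "mfa_approved":
                continue
            prior = [p for p in events[:i]
                     if p["result"] in UNANSWERED and e["ts"] - p["ts"] <= window]
            if len(prior) >= min_prompts:
                alerts.append({
                    "user": user,
                    "approved_at": e["ts"].isoformat(),
                    "source_ip": e["ip"],
                    "prior_prompts": len(prior),
                    "same_source": all(p["ip"] == e["ip"] for p in prior),
                })
    return alerts


def push_allowed(raw_events, user, now_iso, max_pushes=3, window=timedelta(minutes=10)):
    """Hypothetical rate-limit hook: return False when `user` has already been
    sent `max_pushes` unanswered prompts in the last `window`, so the IdP should
    refuse to send another (and raise an alert) instead of letting the attacker
    keep asking."""
    now = datetime.fromisoformat(now_iso)
    recent = [e for e in parse_events(raw_events)
              if e["user"] == user and e["result"] in UNANSWERED
              and e["ts"] <= now and now - e["ts"] <= window]
    return len(recent) < max_pushes


if __name__ == "__main__":
    for alert in find_mfa_fatigue(SAMPLE_EVENTS):
        print("MFA fatigue suspected:", alert)
    print("5th push allowed at 09:05?",
          push_allowed(SAMPLE_EVENTS, "finance.user@example.com", "2024-03-04T09:05:00+00:00"))
```

Run against the constructed events, `find_mfa_fatigue` flags only the finance user (four unanswered prompts from the same IP in the six minutes before the approval), and `push_allowed` would already have refused the fourth and fifth pushes, which is the point at which the user in the case study finally gave in. Tune `window` and `min_prompts` to your own baseline; a single denied prompt before a legitimate approval, as with the second user, is normal behaviour and must not alert.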