This episode provides a detailed blow-by-blow account of an actual cyberattack against a customer, beginning at 11:10 PM on a Saturday night when the Security Operations Center alerted the team to a breach. Ninety per cent of SME breaches are email based: fraud, phishing, Business Email Compromise. This attack was different: sophisticated, multi-site, and clearly pre-planned with rapid execution. We walk through the attack, the defence and what worked for defending the network.
Sophisticated SME Cyber Attack
The attack involved compromised credentials being used to access point-of-sale PCs via Remote Desktop Protocol. The attacker’s tactics included enabling RDP, installing Radmin VPN, running Mimikatz to dump credentials from memory, scanning the network for additional targets, extracting saved browser passwords using WebBrowserPassView, and deleting security logs to cover their tracks. All of this started at 11 o’clock at night.
The situation escalated when a second PC at a different site was compromised within 60 minutes using the same user account, indicating a coordinated attack rather than an isolated incident. Investigation revealed both machines were legacy POS systems that had been decommissioned six months earlier but remained connected to the network with external access enabled.
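The tactics above (an RDP logon from outside the LAN, the same account turning up on a second host within the hour, the Security log being cleared, and "decommissioned" POS machines still accepting logons) are all visible in ordinary Windows Security events. The script below is an added example written for these notes, not tooling from the episode or the customer's SOC; the events it runs over are constructed to mirror the described timeline, and the host names, account name and IP addresses are invented placeholders.

```python
"""
Correlate Windows Security events for the attack pattern described above.
Checks: RDP logons (4624, logon type 10) from non-LAN addresses, the same
account logging on to a second host within 60 minutes, Security log
clearing (1102) following an RDP logon, and any logon to a host that is
supposed to be decommissioned.  All events here are constructed samples.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample events (not real telemetry). Field names mirror the
# commonly used fields of Windows Security events 4624 and 1102.
EVENTS = [
    {"time": "2024-03-02T23:05:10", "host": "POS-01", "event_id": 4624,
     "user": "possvc", "logon_type": 10, "src_ip": "203.0.113.45"},
    {"time": "2024-03-02T23:40:02", "host": "POS-01", "event_id": 1102,
     "user": "possvc"},
    {"time": "2024-03-02T23:58:31", "host": "POS-07", "event_id": 4624,
     "user": "possvc", "logon_type": 10, "src_ip": "203.0.113.45"},
    {"time": "2024-03-02T22:15:00", "host": "FILESRV", "event_id": 4624,
     "user": "alice", "logon_type": 10, "src_ip": "192.168.10.20"},
]

# Hypothetical asset register: hosts that should no longer be on the network.
DECOMMISSIONED = {"POS-01", "POS-07"}

# RFC 1918 plus loopback. ipaddress.is_private is deliberately not used:
# it also treats documentation ranges such as 203.0.113.0/24 as private.
LAN_RANGES = [ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_time(s):
    return datetime.fromisoformat(s)


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in LAN_RANGES)


def is_rdp_logon(e):
    return e["event_id"] == 4624 and e.get("logon_type") == 10


def external_rdp_logons(events):
    """RDP logons whose source address is outside the LAN ranges."""
    return [e for e in events if is_rdp_logon(e) and is_external(e["src_ip"])]


def log_clears_after_rdp(events, window_minutes=120):
    """Security log cleared (1102) on a host within the window after an RDP logon."""
    rdp_by_host = defaultdict(list)
    for e in events:
        if is_rdp_logon(e):
            rdp_by_host[e["host"]].append(parse_time(e["time"]))
    hits = []
    for e in events:
        if e["event_id"] != 1102:
            continue
        t = parse_time(e["time"])
        for start in rdp_by_host[e["host"]]:
            if timedelta(0) <= t - start <= timedelta(minutes=window_minutes):
                hits.append((e["host"], e["user"], e["time"]))
                break
    return hits


def account_on_multiple_hosts(events, window_minutes=60):
    """Same account with RDP logons on two different hosts within the window."""
    by_user = defaultdict(list)
    for e in events:
        if is_rdp_logon(e):
            by_user[e["user"]].append((parse_time(e["time"]), e["host"]))
    hits = []
    for user, logons in by_user.items():
        logons.sort()
        for i, (t1, h1) in enumerate(logons):
            for t2, h2 in logons[i + 1:]:
                if h1 != h2 and t2 - t1 <= timedelta(minutes=window_minutes):
                    hits.append((user, h1, h2, int((t2 - t1).total_seconds() // 60)))
    return hits


def activity_on_decommissioned(events, decommissioned=DECOMMISSIONED):
    """Hosts on the decommissioned list that still show successful logons."""
    return {e["host"] for e in events
            if e["event_id"] == 4624 and e["host"] in decommissioned}


if __name__ == "__main__":
    for e in external_rdp_logons(EVENTS):
        print("external RDP logon:", e["host"], e["user"], e["src_ip"], e["time"])
    for hit in log_clears_after_rdp(EVENTS):
        print("security log cleared after RDP logon:", hit)
    for hit in account_on_multiple_hosts(EVENTS):
        print("account reused across hosts within %d min:" % hit[3], hit[:3])
    print("logons on decommissioned hosts:", sorted(activity_on_decommissioned(EVENTS)))
```

Against the constructed events this flags both POS logons as external RDP, the 1102 on POS-01 about 35 minutes after the logon, `possvc` reaching POS-07 53 minutes after POS-01, and both POS hosts as decommissioned-but-active. The last check is the cheap one to run routinely: any successful logon to a host on the decommissioned list is a finding on its own, before an attacker ever shows up.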
The episode explores attribution challenges (a Starlink IP address in Melbourne was identified as likely a jumping-off point), and the suspected motivation: a ransomware attack intercepted in its early stages before encryption could occur.
SME Cyber Attack Lessons Learnt
We discuss what went right, what went wrong and the one thing that saved the network from complete exploitation in what was a quite sophisticated attack.
Trying to understand where your SME needs to be for Cyber Security? Look at our Free Essential 8 Self Evaluation tool.
Here is the ACSC Cyber Response Plan template. It is quite long and references resources that most SMEs won’t have access to, but it is a good start.
Check out the rest of our Cyber Security podcasts.