About the client
The identity of the client and the industry of the client will not be mentioned.
Case Study - Google Workspace Hack in 2024
Problem
My client asked me to evaluate an email that their customer said came from my client. My client insisted they did not send any such email.
We reviewed the email and the Google logs. We found out three things: First, the email did indeed originate from my client’s mailbox, but email was sent from outside the US. This confirmed the mailbox was hacked. Second, the logs also indicated the unauthorized user was in the system for months before the attack. Lastly, the hacker made many unauthorized changes to their Google Workspace including creating other accounts with super admin rights, disabling admin notifications of changes, any many many other changes.
Solution
We helped the client locate the compromised device, enable security measures to block the unauthorized user(s), and reverted all changes made by the unauthorized user(s).
Result
The problem has not occurred again since that time.
Backstory
This client manages their own system and our role is to support them in areas they cannot handle. We deployed most of the internal networking equipment, PCs and servers over the years. We mainly help the client with these areas. They setup and manage their own Google Workspace and other cloud services.
A big lesson that can be learned from this is to enable security measures and review system logs often. The hacker was in their system for months before anyone was the wiser, A review of the logs would have revealed this.
