|

Wanneer cyberbeveiliging comedy ontmoet: het merkwaardige geval van de verdwijnende rapporten bij MailStreet

In the world of cybersecurity, things don’t always go as planned, and sometimes they take a turn towards the comically unexpected. We at SecDesk had such an experience with our client, MailStreet, which taught us an important lesson and gave us a good chuckle. Here’s what happened:

The Disappearing Act of the Penetration Test Report

After completing a thorough penetration test for MailStreet, we followed our standard procedure: compiling a detailed report with findings, business risks, and management summaries. We sent this report to MailStreet, along with our invoice, confident in the professionalism and thoroughness of our work. However, a curious thing happened. MailStreet reached out to us, puzzled about not receiving the report. Slightly confused, we sent it again, only to face the same mystery – the report seemed to vanish into thin air.

The Investigation Unfolds

We checked our inboxes, scrutinized Microsoft mail error logs, but found no clues. The plot thickened when a simple check email without the report attachment successfully reached MailStreet. The report, however, stubbornly refused to be delivered. In various attempts to bypass what we suspected to be a filtering issue, we tried sending the report in different formats – zipped, PDF, Word – always encrypted, of course. But to our growing frustration and MailStreet’s dismay, nothing worked.

Eureka! The Culprit Revealed

Determined to solve this mystery, we went back to square one. It wasn’t the client’s end causing the issue, so the report itself had to be the problem. After successfully sending other PDFs within our team, we tried the specific report… and hit the same wall again. The report was the culprit! Digging deeper into the contents of our report, we stumbled upon the root of the problem almost by accident. Our report mentioned the link to EICAR test files – standard files used to test antivirus and anti-malware software. It turns out, even the mere mention of these links was enough to trigger email filtering systems, effectively blackholing our report.

The Resolution

The solution? We finally bypassed this invisible barrier by zipping the report with a password and sending it over. Success at last!

Lessons Learned and the Bigger Picture

This incident was a stark reminder of the complex interplay between cybersecurity measures and everyday business processes:

  1. The Unseen Hand of Cybersecurity Protocols: Often, robust cybersecurity measures work silently in the background, so much so that we forget they’re there – until they start working a bit too well!
  2. Importance of Flexibility in Communication: In cybersecurity, sometimes you need to think outside the inbox. Traditional methods don’t always work, and adaptability is key.
  3. A Reminder for Security Awareness: This episode highlights how even benign content can be perceived as a threat. It underscores the need for ongoing vigilance and awareness in the ever-evolving landscape of cybersecurity.

This article

MailStreet has generously given their permission to publish this article and using their name for which we want to thank them! MailStreet: Your partner for omnichannel communication and fulfillment!

Terug naar overzicht