Shownotes
A locked account. A routine help desk call. A password reset that appeared to follow the process.
Then $24 million in insurance payments went to the wrong account.
In this episode of Behind the Breach, host Amber Wuollet follows an anonymized healthcare scenario involving a large organization where a threat actor gains access through a help desk call, moves through internal systems, and changes payment information inside an insurance portal.
She’s joined by DJ Hoeksema, Head of Managed Security Services at SpearTip, a Zurich company, to walk through how the incident unfolded — from the initial password reset, to the payment diversion, to the investigation that followed.
Together, they explore why identity-based attacks can be difficult to detect, how attackers take advantage of trusted workflows, and what organizations can learn from a case where each individual step appeared routine until the financial impact became impossible to ignore.
In this episode:
- Why social engineering is effective against help desk workflows
- How exposed personal information can weaken identity verification
- What threat actors look for once they gain access to an account
- Why changes inside business portals can be difficult to detect
- How delayed discovery can make fund recovery harder
- What incident responders look for when reconstructing the timeline
- How organizations can strengthen help desk processes after an incident
Behind the Breach is a Cowbell podcast exploring what happens inside a cyber incident — and what organizations can learn before one happens to them.
Guest: DJ Hoeksema, Head of Managed Security Services, SpearTip, a Zurich company
Host: Amber Wuollet, Director of Product & Lifecycle Marketing, Cowbell
Disclaimer: This episode is for informational purposes only and does not constitute legal, insurance, or cybersecurity advice.