
USE CASE #1
FROM AN OUTDATED SMARTPHONE
TO MASS SPAM FROM THE COMPANY DOMAIN

TYPE OF ORGANIZATION

A service company operating in the Microsoft 365 ecosystem. The organization used two-factor authentication (2FA), which gave a false sense of complete security, but had no system for central management of mobile devices (MDM).

SOURCES OF VULNERABILITY TO ATTACKS

  • One of the employees received a work phone directly from the CEO, bypassing the IT department.
  • The device was not covered by cybersecurity policies or technical oversight.
  • An Android phone running an old, vulnerable version of the operating system served as the primary tool for receiving 2FA tokens for Microsoft 365.
  • No security software (e.g., ESET Mobile Security) and no MDM/MAM management agent was installed on the smartphone.

INCIDENT

The criminals exploited known vulnerabilities in an outdated Android system. They took control of the device, which allowed them to obtain the user's login and password and steal the 2FA token directly from the infected phone.

The attackers then compromised the Microsoft 365 mailbox, using it to send mass spam abroad.

WHY WAS THE ATTACK SUCCESSFUL?

  • No updates: the device ran an outdated, vulnerable operating system.
  • Lack of visibility: the phone was off the IT department's radar, unprotected (no central management).
  • False sense of security: trusting 2FA without securing the end device.

EFFECTS OF THE INCIDENT

  • Communication blockage: anti-spam systems blocked the company account, paralyzing work.
  • Image crisis: risk of the domain being blacklisted (RBL), which means that emails may stop reaching customers for weeks.
  • Operational costs: the need for urgent analysis of Microsoft 365 logs and tedious restoration of account security.

THE ROLE OF SOC ADQ: WHAT WOULD CHANGE?

  • Rapid anomaly detection: our analysts would immediately notice logins from unusual geographic locations.
  • Response to mass mailings: SOC would detect unusual outgoing traffic (spam) in real time, rather than only after external filters have blocked the servers.
  • Damage control: early alerts would allow for automatic or manual account blocking within minutes, rather than hours or days, protecting your domain's reputation.
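The two detections named above (a sign-in from a country the user has never signed in from, and a burst of outbound mail from one mailbox) are simple enough to sketch. The following is an added illustration, not ADQ's tooling or any Microsoft 365 feature: the sign-in and outbound-mail events are constructed inline, and the field layout is an assumption standing in for whatever a SOC exports from the tenant's sign-in and message-trace logs. Thresholds (30-day baseline, 100 recipients per 10 minutes) are placeholders to be tuned per organization.

```python
"""Toy detections for the SOC checks described in the use case:
(1) a successful sign-in from a country outside the user's recent baseline,
(2) a burst of outbound mail from a single sender.
All events below are constructed examples, not data from a real tenant."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (user, ISO time, country code, outcome).
SIGNINS = [
    ("anna@example.com", "2026-01-05T08:02:00", "PL", "success"),
    ("anna@example.com", "2026-01-06T08:10:00", "PL", "success"),
    ("anna@example.com", "2026-01-07T07:58:00", "PL", "success"),
    ("anna@example.com", "2026-01-08T03:41:00", "NG", "success"),  # anomalous
    ("anna@example.com", "2026-01-08T03:55:00", "NG", "success"),  # anomalous
]

# Constructed outbound mail events: (sender, ISO time, recipient count).
OUTBOUND = [
    ("anna@example.com", "2026-01-08T03:50:00", 2),
    ("anna@example.com", "2026-01-08T04:00:00", 45),
    ("anna@example.com", "2026-01-08T04:03:00", 50),
    ("anna@example.com", "2026-01-08T04:05:00", 50),
    ("anna@example.com", "2026-01-08T04:07:00", 48),
    ("anna@example.com", "2026-01-08T06:30:00", 1),
]


def _ts(s):
    return datetime.fromisoformat(s)


def new_country_signins(events, baseline_days=30):
    """Flag successful sign-ins from a country not seen for that user within
    the preceding `baseline_days`. Events are processed in time order, so the
    baseline holds only what was known before each sign-in. Flagged sign-ins
    are deliberately NOT added to the baseline: an attacker's location must
    not become trusted just because it was used once."""
    alerts = []
    history = defaultdict(list)  # user -> [(time, country)] of trusted sign-ins
    for user, t, country, outcome in sorted(events, key=lambda e: e[1]):
        if outcome != "success":
            continue
        when = _ts(t)
        cutoff = when - timedelta(days=baseline_days)
        known = {c for (ht, c) in history[user] if ht >= cutoff}
        if known and country not in known:
            alerts.append({"user": user, "time": t, "country": country,
                           "baseline": sorted(known)})
            continue
        history[user].append((when, country))
    return alerts


def outbound_mail_bursts(events, window_minutes=10, max_recipients=100):
    """Flag a sender whose total recipient count inside any sliding window of
    `window_minutes` exceeds `max_recipients`. One alert per burst: further
    messages within a window of the first alert are suppressed."""
    alerts = []
    by_sender = defaultdict(list)
    for sender, t, n in events:
        by_sender[sender].append((_ts(t), n))
    win = timedelta(minutes=window_minutes)
    for sender, msgs in by_sender.items():
        msgs.sort()
        start, total, alerted_until = 0, 0, None
        for when, n in msgs:
            total += n
            while msgs[start][0] < when - win:  # drop messages outside the window
                total -= msgs[start][1]
                start += 1
            if total > max_recipients and (alerted_until is None or when > alerted_until):
                alerts.append({"sender": sender, "window_end": when.isoformat(),
                               "recipients": total})
                alerted_until = when + win
    return alerts


if __name__ == "__main__":
    for a in new_country_signins(SIGNINS):
        print("SIGN-IN ALERT:", a)
    for a in outbound_mail_bursts(OUTBOUND):
        print("MAIL BURST ALERT:", a)
```

On the constructed data the first check raises two alerts for the sign-ins from "NG" against a baseline of ["PL"], and the second raises one alert when the 10-minute recipient total reaches 145 at 04:05; the later messages in the same burst are suppressed, and the isolated message at 06:30 is not. Note the ordering in the incident: the anomalous sign-ins precede the mail burst by minutes, which is the window in which an account block protects the domain's reputation.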

KEY CONCLUSIONS

  • If the phone that generates your 2FA codes is compromised, the protection 2FA provides ceases to exist.
  • Company phones must be subject to the same security requirements as laptops.
  • The SOC service increases visibility into what is happening in your cloud (M365) and dramatically reduces response time to intrusions.

Check your network for leaks free of charge

We start with a free audit: we check whether your infrastructure is ready for monitoring and identify the most important threats.

Use cases: how SOC works and when you need it

  • USE CASE #2: How ransomware paralyzed a warehouse with an outdated ERP system
  • USE CASE #3: Lack of control over authorizations leading to paralysis of the accounting office
  • USE CASE #4: One laptop, 200 points of sale, and total paralysis – how ransomware brought a nationwide retail chain to a standstill
  • USE CASE #5: Lack of monitoring leading to theft of funds from a company account

Our Address

Nowe Sady 4 lok.14
94-102 Łódź

Call us

+48 786 088 383

Write to us

info@adq.com.pl
© 2026 ADQ Technologies | All rights reserved