ITMG Insider Threat News – March 15, 2021

Sky Global Executive and Associate Indicted for Providing Encrypted Communication Devices to Help

SAN DIEGO – A federal grand jury today returned an indictment against the Chief Executive Officer and an associate of the Canada-based firm Sky Global on charges that they knowingly and intentionally participated in a criminal enterprise that facilitated the transnational importation and distribution of narcotics through the sale and service of encrypted communications devices. Jean-Francois Eap, Sky Global’s Chief Executive Officer, and Thomas Herdman, a former high-level distributor of Sky Global devices, are charged with a conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act (RICO).  Warrants were issued for their arrests today. According to the indictment, Sky Global’s devices are specifically designed to prevent law enforcement from actively monitoring the communications between members of transnational criminal organizations involved in drug trafficking and money laundering. As part of its services, Sky Global guarantees that messages stored on its devices can and will be remotely deleted by the company if the device is seized by law enforcement or otherwise compromised.

China to try two Canadians charged with espionage ‘soon’ -Global Times

China will “soon” hold its first trial for Canadians Michael Spavor and Michael Kovrig, who have been held in China since late 2018 and who were formally charged with espionage in June 2020, the Global Times reported, citing an unnamed source. The two men were arrested in December 2018 shortly after Huawei [HWT.UL] Chief Financial Officer Meng Wanzhou was arrested in Canada on a U.S. warrant. She faces charges of misleading HSBC Holdings Plc about the Chinese tech giant’s business dealings with Iran, which is under U.S. sanctions. Global Times, published by the official newspaper of China’s ruling Communist Party, did not say when the trial might take place or in which court. Hearings for the two Canadians had been delayed due to the COVID-19 outbreak, the paper said.

How Should the U.S. Respond to the SolarWinds and Microsoft Exchange Hacks?

Over the past two months, news has broken that Russia and China, the United States’s two primary geopolitical adversaries, have both executed major cyber operations against the networks of American companies and government agencies. On their face, the two attacks share much in common. At least at this early stage, both appear to have been espionage operations designed to give foreign intelligence agencies access to sensitive targets and to steal emails, documents and other data that would be of value to the Russian and Chinese governments. Both attacks were far reaching, affecting tens of thousands of American networks and testing the limits of U.S. cyber defense capabilities and the country’s broader cybersecurity strategy. Though the strategic goals of the two operations might be similar, the execution of these two attacks could not be more different—and when it comes to the United States’s response, these differences matter. In terms of its execution, the Russian campaign, known as the SolarWinds attack or Holiday Bear operation, was highly targeted and even quite responsible. But the Chinese campaign, which breached Microsoft Exchange servers, was unfocused and dangerous—and the U.S. should respond accordingly.

Security Start-up Verkada Suffers Breach of Over 150,000 Cameras

Verkada, a security start-up focused on cloud-based security cameras, disclosed suffering a major security breach: hackers gained access to over 150,000 security cameras. These cameras include those in Tesla factories, Cloudflare offices, Equinox gyms, hospitals, jails, schools, and police stations. Surprisingly, the hackers behind the attack announced their culpability on Twitter: Tillie Kottmann of the APT 69420 Arson Cats (a hacker collective) stated that the intention was to demonstrate the vulnerability of the cloud-based cameras. Additionally, the group claims to have gained access to Verkada’s full video archive for all of its customers. According to reports, the hacker group gained this access via a privileged account whose username and password were publicly available on the Internet. This granted them the root access necessary to conduct the cyber-attack. At the time of writing, Verkada is attempting to regain control over its live feeds and archive.

Over two million corporate secrets detected on public GitHub in 2020

GitGuardian announced the results of its 2021 State of Secrets Sprawl on GitHub report. The report, which is based on GitGuardian’s constant monitoring of every commit pushed to public GitHub, indicates an alarming 20% year-over-year growth in the number of secrets found. A growing volume of sensitive data – or secrets – such as API keys, private keys, certificates, usernames and passwords ends up publicly exposed on GitHub, putting corporate security at risk, as the vast majority of organizations are either ignoring the problem or poorly equipped to cope with it. According to the report, 12% of leaks on GitHub occur within public repositories owned by organizations and 85% occur in developers’ personal repositories. Secrets present in all these repositories can be either personal or corporate, and this is where the risk lies for organizations: some of their corporate secrets are exposed publicly through their current or former developers’ personal repositories.
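The leak categories the report names (API keys, private keys, credentials in assignments) are exactly what a pre-commit or CI secret scanner looks for. The following is an added example, not GitGuardian’s detectors or any code from the report: a minimal scanner that runs simplified regex rules over commit content and uses Shannon entropy to suppress obvious placeholders. The sample diff is constructed for this example; the AWS key in it is the well-known documentation example key, not a live credential. The rule patterns are illustrative and deliberately narrower than a production scanner would use.

```python
import math
import re
from typing import Dict, List

# Detection rules: (name, pattern, require_entropy_check).
# Rules are ordered most specific first; the generic assignment rule comes last.
# These patterns are simplified illustrations, not a vendor's detector set.
RULES = [
    ("aws_access_key_id",
     re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), False),
    ("private_key_block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA |)PRIVATE KEY-----"), False),
    ("github_token",
     re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"), True),
    # keyword (with optional suffix such as SECRET_ACCESS_KEY) = "value"
    ("generic_assignment",
     re.compile(r"(?i)(?:api[_-]?key|secret|password|passwd|token)[A-Za-z0-9_]*"
                r"\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{16,})"), True),
]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str, min_entropy: float = 3.0) -> List[Dict]:
    """Return one finding per (line, candidate) that matches a rule.

    Rules flagged with require_entropy_check are skipped when the candidate's
    entropy is below min_entropy, which filters placeholders like 'xxxxxxxx'.
    """
    findings: List[Dict] = []
    seen = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern, needs_entropy in RULES:
            for m in pattern.finditer(line):
                candidate = m.group(m.lastindex) if m.lastindex else m.group(0)
                if (lineno, candidate) in seen:
                    continue  # a more specific rule already reported it
                if needs_entropy and shannon_entropy(candidate) < min_entropy:
                    continue
                seen.add((lineno, candidate))
                findings.append({
                    "line": lineno,
                    "rule": name,
                    # never echo the full secret into logs or CI output
                    "preview": candidate[:4] + "..." if len(candidate) > 4 else "...",
                })
    return findings


# Constructed sample commit content (not a real leak). AKIAIOSFODNN7EXAMPLE and
# its companion secret are the AWS documentation example values.
SAMPLE_DIFF = """\
# constructed sample, not a real leak
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-----BEGIN RSA PRIVATE KEY-----
password = "xxxxxxxxxxxxxxxxxxxx"
GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_DIFF):
        print(f"line {f['line']}: {f['rule']} ({f['preview']})")
```

Run as a pre-commit hook, a non-empty result should fail the commit; the placeholder password on line 5 of the sample is suppressed by the entropy check, while the real-looking AWS secret and GitHub token are reported once each even though two rules match them.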

Criminal Theft of Trade Secrets

Trade secrets are one of the four major types of intellectual property and have many unique features, a number of which we have covered in other blogs. Unlike patents, which can only be enforced by private parties in civil court, trade secret misappropriation can lead to criminal liability. This blog discusses the basic concepts surrounding the criminal theft of trade secrets.

Mitigate insider threats by focusing on people, process and technology

The pandemic has challenged CISOs worldwide to adapt their security strategies—often years early—to create a safe work-from-home environment. But this shift has caused a growing risk: the insider threat. We often think of insider threats as malicious employees bent on doing harm. While that is sometimes the case, more than 60 percent of incidents involve negligent employees. Their intentions are typically not bad, but employee mistakes can do profound damage to their employers. A 2020 Ponemon Institute study found that the average cost of insider threats rose 31 percent in just two years to $11.45 million. The frequency of incidents spiked 47 percent during the same period. The average time to contain an incident is 77 days, and incidents that took more than 90 days to contain cost an average of $13.71 million per year to mitigate. The longer the time, the higher the risk. And most organizations are ill-prepared for this, as their security measures are commonly outward-facing.
