ITMG Insider Threat News – November 30, 2020

Remote workers more at risk for social engineered deception and cyberattack

Social engineering is a term that refers to efforts by hackers and cybercriminals to use people — rather than technology — to gain access to sensitive systems and information. It’s a problem that information security experts have been wrestling with for years and one that, in the midst of COVID-19, has become both more prevalent and more challenging. According to Stanford economist Nicholas Bloom, “42 percent of the U.S. labor force [is] now working from home full-time.” In fact, he says: “Almost twice as many employees are working from home as at work.” According to an article in Harvard Business Review: “Since the outbreak of the pandemic, 75% of people say they feel more socially isolated, 67% of people report higher stress, 57% are feeling greater anxiety, and 53% say they feel more emotionally exhausted.” The data is based on a global study of more than 3700 employees in 10 industries conducted in March and April 2020. It’s important to note that it is now over seven months since these findings were published. Imagine how this same isolation, anxiety, and emotional exhaustion has been compounded by each passing week.

Proofpoint GM discusses insider threats in a “work-from-anywhere” reality

The recently released 2020 Cost of Insider Threats Global Report, collated by Proofpoint and Ponemon, examined the causes of insider threats within organisations, as well as how risk is being minimised. This research, which surveyed 204 organisations worldwide and examined over 4,000 incidents, defines insider threats as: A careless or negligent employee or contractor; A criminal or malicious insider; A credential thief. “With all the technology out there that is available, there is still a massive blind spot in security today,” said Rob Bolton, GM International, ITM Business Unit at Proofpoint. “In general, this is the visibility into the activity of the users and the risk that activity may introduce.

FBI Warns of Uptick in Ragnar Locker Ransomware Activity: Bureau Says the Attacks Are Hitting Many Sectors

The FBI has sent out a private industry alert warning about an increase in attacks using Ragnar Locker ransomware. Researchers first spotted Ragnar Locker in 2019. The FBI alert notes that its cyber division has been closely monitoring the malware since April, when its operators encrypted a large corporation’s files and demanded an $11 million ransom to avoid release of 10 terabytes of sensitive company data. “Since then, Ragnar Locker has been deployed against an increasing list of victims, including cloud service providers, communication, construction, travel and enterprise software companies,” according to the alert.

The Rise of Insider Threat-as-a-Service

When envisioning the threats to your organization, malicious nation states or greedy virtual thieves located halfway around the world might loom large. But what if the risk is an undercover employee? What if it’s a person who’s not even real? What if it’s the neighbor you never suspected? In 2021 we’re going to see threats emerge from unexpected places, and sometimes the call will be coming from inside the house. Insider Threat-as-a-service: In the past we’ve thought of “insider threats” as disgruntled employees who walk out of the building with proprietary information hidden in their briefcases. But today, your employees may be scattered around the world, you may hire them after only meeting via Zoom, and they may never step foot inside one of your offices. And today, you can buy almost anything on the dark web, including “trusted insiders”. In 2021, I expect to see organized cells of recruitment infiltrators offering specifically targeted means for bad actors to become trusted employees, with the goal of exfiltrating priceless IP. These “bad actors”, literally, will become deep undercover agents who fly through the interview process and pass all the hurdles your HR and security teams have in place to stop them.

Eight Steps To Building A Human-Centered Security Culture

Ransomware, phishing, social media scams, data leakage, insider threats, cloud security challenges and the majority of all data breaches have something in common: All of these rely on people serving as conduits. Cyber scammers frequently employ human psychology in their attack strategies, thriving on basic human traits like curiosity, fear, desire, rage and anxiety. Instead of addressing this core vulnerability, organizations tend to gravitate toward technological controls to secure their networks and systems. This tech-centered mindset has the tendency to deprioritize people on the threat scale. In fact, according to a recent Kaspersky study, only 52% of businesses believe they are at-risk from a cyber attack due to the human factor.

Federal Air Marshal Bosses Hit with Cease and Desist Orders for Creating an Insider Threat Risk

The Air Marshal National Council (AMNC), the exclusive voice of flying Federal Air Marshal’s, announced today that they have taken the unusual step of issuing the Supervisory Special Agent in Charge of the Los Angeles Field Office a Cease and Desist order. This action will put a stop to the egregious practice of certain high ranking Air Marshal managers who share the identities and movements of rank and file covert Air Marshal’s with third party private airport vendors. Sharing our flying Federal Air Marshal’s protected information with a private company with no legitimate need to know we believe opens the door for certain malicious actors to exploit the Air Marshal’s identities and locations. It may also violate the Agency’s own Insider Threat policies that are designed to protect sensitive information from being released to unauthorized individuals. TSA Administer Pekoske was also notified as it is unclear if this release of Sensitive Security Information (SSI) was authorized from TSA Headquarters. TSA’s definition of Sensitive Security Information is information that, if publicly released, would be detrimental to transportation security, as defined by Federal Regulation 49 C.F.R. Part 1520.

Examining the Top Cyberthreats Plaguing the Pharmaceutical Industry

As pharmaceutical companies continue to embrace digital transformation, their highly sensitive, valuable information becomes even more at risk for cyberattacks. Today’s threat actors are better resourced and more capable of achieving their nefarious goals than ever before. In addition to hackers seeking financial gain, pharma companies also contend with the full capabilities of nation-states or other pharmaceutical companies with state sponsorship. In fact, as the race to bring a coronavirus vaccine to market accelerates, threats are increasing. In July, cybersecurity agencies and authorities in the UK and Canada released a joint warning of attacks targeting COVID-19 research and vaccine development facilities. The concern is that such attacks could cause delays in delivering vaccines, which could put millions of lives at risk.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading