ITMG Insider Threat News – October 12, 2020

Microsoft will allow employees to stay remote permanently

Microsoft is the latest name in Big Tech to tell its workforce not to worry about coming back to the office. The software giant has reportedly told its employees to feel free to work from home forever, even when its offices open back up. Under its new “hybrid workplace” guidance, employees will be allowed to spend less than half their working hours out of the office, and can receive approval from their managers to stay remote permanently. “The COVID-19 pandemic has challenged all of us to think, live, and work in new ways,” Microsoft said in a memo viewed by The Verge. “We will offer as much flexibility as possible to support individual workstyles, while balancing business needs, and ensuring we live our culture.” Those workers who opt to stay home even when things open back up will give up their assigned desks, and will work in common spaces if they decided to pay the office a visit. Microsoft’s memo comes almost five months to the day after Twitter CEO Jack Dorsey told employees that those whose jobs permit it will be allowed to work remotely forever — even after the coronavirus pandemic is over. Facebook boss Mark Zuckerberg also told workers earlier this year that certain employees will be able to work from home on a full-time basis, and said that as much as half of the social-networking giant’s workforce could be remote within the next five to 10 years.

Twitter Hack Spurred Copycats, But Other Businesses Don’t Have to Fall Prey

A 17-year-old was apparently the ringleader of a trio of young hackers behind the July hijacking of dozens of high-profile Twitter accounts. Not even old enough to rent a car, the hackers perpetrated a Bitcoin scam that caused the cyber world to take a good look at how a motley band of mere youths could bypass the robust cybersecurity protocols of one of the world’s largest tech companies. Inspired by the hack, copycats are now using the same tactics to target dozens of other companies. There must be something fundamentally wrong with account security given such an attack on a global tech giant with top-notch security practices by penetrating what should have been the highest level of permissions to critical internal systems through psychological manipulation tactics known as social engineering. The fundamental flaw is our reliance on passwords, which in turn rely on human beings to remember and manage in order to guard against threats. The anatomy of the Twitter scam: A classic case of privileged account takeover. As a global tech leader, Twitter employs the kinds of robust security practices one would expect including: Privileged Access Management (PAM) protocols, multi-factor authentication (MFA), zero tolerance for misuse of credentials or tools, active monitoring for misuse, and regular permission audits

DHS exempts insider threat program from privacy protections

WASHINGTON — The Department of Homeland Security has finalized a new rule that broadens its ability to investigate insider threats by eliminating key Privacy Act protections for all past and current employees regardless of their security clearance. The department said Tuesday that removing the privacy protections from the Insider Threat Program, which aims to fight threats to the agency from its employees, is necessary to conduct criminal, civil and administrative enforcement. The Privacy Act provisions alert the subject of an investigation of its existence, the Department Homeland Security said, undermining law enforcement efforts and compromising an investigation’s confidentiality. The rule also allows the agency to expand the scope of employee information collected to include things that may not be necessary or relevant. “It is impossible to determine in advance what information is accurate, relevant, timely and complete,” the department said. The report said auditors reviewed a sampling of receipts, purchase orders and other supporting documents and found “found multiple examples of inadequate records” — including some that were altered or showed his home as the shipping address.

Google CEO Sundar Pichai Calls For A ‘Hybrid’ Work-From-Home Model

In an interview with Alphabet CEO Sundar Pichai at the TIME100 Honorees: Visions for the Future event, the chief executive said that the search engine giant will be more “flexible” with its workers and offer a “hybrid” model that will include a blend of both remote and in-office methods of working. Pichai, who was recognized by TIME as one of the world’s most influential people, acknowledged that his employees have distinct needs, as it relates to their work style and preferences. In an attempt to offer a worker-friendly environment, Pichai said, “We firmly believe that in-person, being together, having a sense of community is super important when you have to solve hard problems and create something new so we don’t see that changing. But we do think we need to create more flexibility and more hybrid models.” He feels that this approach would serve to accommodate the desires of the Googlers. Pichai has been at the forefront of the work-from-home and remote-work agenda for a while. At the end of July, Google allowed its employees to continue working from home through June 2021. This pronouncement was part of a growing list of top tech companies, such as Twitter, Square and Facebook, that have previously announced that they’d continue the remote-work setup for the foreseeable future. Jack Dorsey, the CEO of both Twitter and Square, pushed the boundaries and said that he’s open to having his employees work from home “forever.” A large number of other corporations followed with their own remote plans.

Insider Threat Security: Is Your Business at Risk?

Factors that lead to insider threats include the technical and the human — and prevention is key. Organizations spend a lot of money trying to fortify their outer moats, working to prevent security threats from breaching the perimeter. But other risks lurk within those walls, risks that can prove intensely damaging to the broader organization — a threat that warrants extra attention during Cybersecurity Awareness Month. These problems are widespread and costly. A recent study from the Ponemon Institute, ObserveIT and Proofpoint found that the average cost of insider threats among the organizations it surveyed was $11.45 million in 2020 — a 31 percent increase from 2018. A majority of these threats are unintentional and not malicious in nature, but they can still deeply harm companies. Tom Price, managing director of operations, technology and business continuity planning for the Securities Industry and Financial Markets Association, says that such attacks can be destabilizing for organizations such as the financial firms his group represents.

Rise in mercenary hacking groups and cyber espionage

As the 2020 U.S. presidential election nears, there has been a rise in mercenary hacking groups and cyber espionage. Some say this a direct result of the current administrations’ increasingly isolationist global foreign policy, and that the U.S.’ status in the global cyber domain should be a major discussion point before November. According to David Wolpoff (moose), a career hacker, the Trump administration’s dismantling of international orders (ex: withdraws from Asia-Pacific trade agreement; Paris Climate Accord; Iran Nuclear Deal), is diminishing the U.S.’ ability to enforce its cyber objectives. Global economic engagement creates safety in U.S. cyberspace – treaties create legal accountability; they’re a mechanism preventing hacking, he says.

New ‘MontysThree’ Toolset Used in Targeted Industrial Espionage Attacks

Researchers uncovered a new toolset they’ve dubbed “MontysThree” that has played a role in targeted industrial espionage attacks stretching back to 2018. In the summer of 2020, Kaspersky Lab discovered that an unknown actor had been using a modular C++ toolset called “MT3” to conduct targeted industrial espionage campaigns for years. The security firm analyzed MT3, which they nicknamed “MontysThree,” and found that the malware relied on RAR self-extracting archives (SFX) for distribution. Those files commonly contained the names of employees’ phone lists, medical test results and technical specifications. Ultimately, the SFX archives didn’t use any lures. All they had were PE files disguised as .PDF or .DOC files—a common technique in spear-phishing campaigns. The researchers found that the threat didn’t break any new ground in its use of a Windows Quick Launch .lnk modifier as its persistence mechanism, in its storage of encryption keys in the same file as well as other techniques and design choices. Even so, MontysThree stood out to Kaspersky Lab for using a custom steganography method that helped it to evade Intrusion Detection Systems (IDSes). The toolset also abused legitimate cloud services to conceal its command-and-control (C&C) traffic and stored a 3DES key under RSA encryption.

Foreign spies use front companies to disguise their hacking, borrowing an old camouflage tactic

Professional hackers who already try to hide their activity through an array of technical means now seem to be trying on more corporate disguises, by creating front companies or working as government contractors to boost their legitimacy. U.S. law enforcement in September accused hackers based in Iran and China of conducting global espionage operations while appearing to exist as otherwise innocuous technology firms. While the public nature of the charges are proof the efforts weren’t entirely successful, the tactic marks an evolution of the use of dummy corporations since a group of financial scammers stole a reported $1 billion by posing as a cybersecurity testing firm. “It just makes it harder to figure out who’s doing what, and what are their motivations,” John Demers, the U.S. assistant attorney general for national security, said of the apparent motivation in a recent interview.

Research Finds 450% Increase in Remote Employees Circumventing Security to Mask Online Habits or Steal Data

56% of companies say their remote workers actively bypassed security controls to obfuscate online activity – 70% of the incidents included at least one attempt to circumvent a second security control to exfiltrate data without detection – 72% of companies surveyed saw data theft attempts by a departing employee wanting to take protected IP with them. New research shows that the shift to an almost fully remote workforce has significantly changed the behaviors of ‘trusted insiders’ in 2020. In a series of interviews with hundreds of businesses across a diverse range of industries, researchers found a 450% increase in employees circumventing security controls to intentionally mask online activities and a 230% increase in behaviors that indicate intent to steal data.

How to combat against insider threats: A strategy financial institutions can bank

Despite popular opinion, cyberattacks are not always an attempt to take over or cripple a businesses’ infrastructure. In fact, one of the leading causes of cyber crime comes from insider threats and human error. All organisations understand the need to have strong cybersecurity measures in place to protect personal and corporate data, but financial services, have an increased need for advanced security with both money and personal data at risk. The challenge with insider threats, is when it comes to financial services, most employees have access to highly sensitive data. Think of credit card information, date of births and home addresses – this type of data can be a gold mine for criminals. So, what exactly are insider threats and how can financial institutions combat against this? Insider threats come in all shapes and sizes. Although at first the thought of an insider threat may sound like a difficult topic to bring up and a question of trust, this is not the case. Insiders come in all shapes and sizes and simply put, this term refers to all employees and internal people who have access to company assets and data. Anyone who has privileged access (e.g. login credentials) to sensitive servers, data, and systems can be considered an insider threat, as each person’s access is a point of vulnerability. These insiders can be anyone from the CEO through to HR managers or banking tellers – essentially an insider threat can exist at every level of the organisation. In addition, insider threats can also refer to external employees such as contractors, freelancers and third-party vendors who have access to the company’s infrastructure. Financial transactions often require more than one system from multiple corporate entities, so it important to ensure this aspect is also considered.

Half of All Organizations Experienced Cyber Security Incidents During the Remote Working Period

Half of all organizations experienced security incidents associated with remote working during the lockdown period, according to a report by Tessian. The “Securing the Future of Hybrid Working” report also found that phishing remained the most prevalent threat facing employees working remotely. While remote working was a predisposing factor for cyberattacks, the Tessian report found that most employees prefer hybrid working environments, with just 11% exclusively preferring office work. Tim Sadler, CEO and Co-Founder of Tessian noted that “While remote working was an option for some employees pre-pandemic, and while some companies are more familiar with flexible working arrangements, not all employees got to experience it because of scheduling and business demands which meant they still needed to physically be in the office. Now, the majority of office workers are working from home. And it’s going to be hard for businesses to justify why their workers need to come into the office every day of the week, post-pandemic.”

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading