ITMG Insider Threat News October 9, 2022

Cisco Talos Tracks Insider Attack Surge

The Cisco Talos intelligence group over the past year saw an increase in incidents involving insider threats such as malicious insiders and unwitting assets, and is recommending organizations add social engineering to their policies, procedures, and education programs.

The Talos team also found today’s highly polarized political climate presents challenges for employees, especially as we move closer to the 2024 presidential election. It noted employees might react toward an organization’s action or inaction relating to political or societal issues.

Critical Vulnerability in Oracle Cloud Infrastructure Allowed Unauthorized Access

A new vulnerability in Oracle Cloud Infrastructure (OCI) would allow unauthorized access to cloud storage volumes of all users, hence violating cloud isolation.

The flaw, discovered by secure cloud experts at Wiz in June and dubbed AttachMe, is now being discussed in a new advisory the company published today.

The company said that within 24 hours of being informed by Wiz, Oracle patched the flaw for all OCI customers without any customer action required.

However, in the technical write-up, Wiz senior software engineer Elad Gabay said that before it was patched, all OCI customers could have been targeted by an attacker with knowledge of the vulnerability.

Defend the Legal Sector from Insider Threats

While cyber-attacks from the outside should be a concern, new statistics from the Information Commissioner’s Office (ICO) have revealed that the real threat lies closer to home. In fact, the analysis of the ICO data in Q3 of 2021 shows more than two-thirds (68%) of data breaches in the UK legal sector were caused by insiders, as opposed to only a third (32%) caused by outside threats, such as external malicious actors. With data breaches more likely to be caused from within, legal organizations must be proactive when dealing with insider threats. Therefore, they should invest in the latest data security and governance controls to stop potential breaches at the earliest possible stage.

Preventing the Recruitment of Insider Threat Actors

This risk has significantly heightened since the COVID-19 crisis and the shift to hybrid working. Luke Walker, senior threat intelligence analyst at Searchlight Security, explained: “Remote work makes insider threat more of a risk by increasing both the chance of employees deliberately undermining the security of the company, or being tricked into doing so.

“Working from home makes people feel as if they are not being watched as closely; therefore, employees with a grudge are more likely to take an opportunity to either steal company data themselves or hand it over to cyber-criminals. For most employees, logging onto their company’s infrastructure from home is easy, they just enter their credentials into the virtual platform. Unfortunately, it is just as easy for them to hand over their credentials to a threat actor to do exactly the same thing.”

http://www.infosecurity-magazine.com/news-features/preventing-recruitment-insider/

Optus Hit by Cyber-Attack, Breach Affects Nearly 10 Million Customers

Optus, the Australian unit of telecoms firm Singapore Telecommunications, said earlier today it was investigating the unauthorized access of customer data after a cyber-attack.

The company confirmed it immediately stopped the attack, preventing customers’ payment details and account passwords from being stolen. However, Optus confirmed some home addresses, driver’s licenses and passport numbers were potentially accessed by the attacker.

How to Tackle the Rising Prevalence of Insider Threats

According to the 2022 Ponemon Institute Cost of Insider Threats report, security incidents caused by staff have increased by 44% during the past two years. Estimated costs per incident have also risen, reaching $US15.38 million each.

Among the reasons for this growth is the rise of the so-called ‘great resignation’. Following the pandemic restrictions, many people are now taking the opportunity to shift jobs, and often take sensitive corporate information with them.

In other cases, insider threats can be the result of unintended activity. A staff member may fall for a phishing scam and inadvertently give access to data to an external party.
