**ITMG Insider Threat Cases – Archive
‘Be aware’: The Pentagon’s target list for extremist infiltrators — right and left
An internal “training module” singles out a range of groups, ideologies and symbols seen as primary insider threats.They are all signs that extremists could be infiltrating the military, according to internal training materials that offer a more detailed view into the array of radical groups and ideologies the Pentagon is trying to keep out of the ranks.
Canadian universities instructed to protect themselves from foreign espionage and interference
Canada issued security guidelines on foreign espionage and interference to universities on Wednesday, as the government warned of a “real threat” to knowledge, data and intellectual property. The government asked members of a universities working group to develop risk guidelines, to integrate national security considerations into the evaluation and funding of research projects and partnerships. The security guidelines build on work already under way to bolster security policies and procedures in research councils and the Canada Foundation for Innovation. “Espionage and foreign interference activities by both human and cyber actors pose real threats to Canadian research integrity, intellectual property and business interests,” the government said. “Canadian research organisations should remain vigilant and ensure that they are applying best practices for securing their research and intellectual property, including employing strong cybersecurity and physical security protocols.”
US lacks visibility into digital espionage at home, NSA boss says
National Security Agency Director Gen. Paul Nakasone addressed the elephant in the room on Thursday during testimony on Capitol Hill: How could the U.S. government have missed SolarWinds and Microsoft Exchange Server hacking until after the malicious activity was already well underway? “It’s not the fact that we can’t connect the dots — we can’t see all the dots,” Nakasone said, acknowledging that the U.S. government, including the NSA, does not have a view into foreign hacking campaigns when they exploit domestic internet infrastructure. “We have a difficulty as a government understanding the totality of the actual intrusion.”
NCSC issues insider threat guide for US critical infrastructure entities
The US National Counterintelligence and Security Center (NCSC) has published ‘Insider Threat Mitigation for U.S. Critical Infrastructure Entities: Guidelines from an Intelligence Perspective’. The new publication focuses on the human threats to US critical infrastructure including employees at critical infrastructure organizations who may be exploited by foreign adversaries. The publication provides guidance on how to incorporate these threat vectors into organizational risk management plans and offers best practices for critical infrastructure entities to mitigate insider threats. All organizations are vulnerable to insider threats from employees who may use their authorized access to facilities, personnel, or information to harm their organization, intentionally or unintentionally. The harm can range from negligence -such as failing to secure data or clicking on a spear-phishing link – to malicious activities like sabotage, intellectual property theft, fraud, or workplace violence.
Judge rejects ex-CIA worker’s try to dismiss hacking charges
NEW YORK — A former CIA employee cannot get espionage charges against him dismissed on the grounds that there weren’t enough Hispanic or Black individuals on the grand jury that indicted him, a judge ruled Wednesday. U.S. District Judge Paul A. Crotty issued his ruling in the case against Joshua Schulte, finding that there was nothing illegal about a suburban grand jury in White Plains returning the indictment during the coronavirus pandemic rather than a grand jury in Manhattan that normally would have done so.
Are “disrupted” employees a new cybersecurity threat?
As work-from-home policies persist for many enterprises amid the global pandemic – and may become permanent in the long run – the cyber threat landscape has become much more complicated. Current work arrangements are so far from the norm that a new threat has emerged: the “disrupted” employee. We are all familiar with the concept of a malicious employee actively trying to damage the company or exfiltrate data out of financial interest or revenge. Much more common is an employee who is fully compliant and follows your security policies as second nature. A disrupted employee is someone in between: trying to do their job right but with less secure means. He or she may face challenges in getting projects done due to no longer having access to the office’s infrastructure or face-to-face interactions. Gone are the water cooler conversations or impromptu meetings in the hallways, as we rely on Zoom or WebEx calls to stay connected. Informal information exchanges are all but gone.
How to Combat the New ‘Insider Threat’: Compromised Partners
It’s difficult to stop supply chain attacks if partner accounts are compromised. What can you do when these attacks are indistinguishable from insider threats?
The current rash of financial fraud and supply chain attacks exploit a seemingly unsolvable vulnerability in your security strategy. Attackers exploit the fact that you must communicate with outside partners and vendors to thrive as a company or an institution. As you interact with partners, the door to exploitation opens, specifically in the form of supply chain attacks. These attacks are tremendously hard to detect since malware and malicious links are not necessary for successful exfiltration, so the final “kill shot” has the most subtle of fingerprints. Yet efficacy is so high, in just the first few months of 2021, such attacks have succeeded in millions of dollars in currency theft and incalculable troves of stolen data.