Skip Navigation

ITMG Insider Threat News – September 14, 2020


Edward Snowden ‘Surprised’ By Trump Weighing Pardon, Asks Him to Clear Others Charged With Leaks

Mr. Snowden, the former intelligence contractor who admittedly leaked classified material to the media in 2013, told MSNBC he was surprised when the president recently said he might be pardoned. Appearing on “The 11th Hour with Brian Williams,” Mr. Snowden also said neither he nor his representatives have spoken with the White House since Mr. Trump floated a possible pardon last month. “By hook or by crook, there’s been nothing. No contact, anything like that,” Mr. Snowden said on the cable news show while being interviewed remotely from Moscow, Russia, where he lives. Mr. Snowden, 37, has been charged with theft and violations of the Espionage Act for leaking classified documents he obtained as a contractor for the U.S. National Security Agency, or NSA. He was abroad when he revealed himself in 2013 to be the source of leaked NSA documents recently published by the press about the agency’s surveillance abilities. He received temporary asylum by Russia after being charged by the Justice Department and has lived there legally ever since. The charges against him have not yet been tried in a U.S. court.

Eight in 10 IT Pros Believe Their Organization Is Next to Suffer a Breach

94% of IT pros have experienced a data breach at some point in time. 79% are worried their current employer could be next. Employee data breaches most commonly occur through external email services such as Gmail and Outlook. New research indicates that IT professionals are overwhelmingly pessimistic about their organization’s resilience facing a cyber threat. Employee data breaches are seen as the biggest risk to the business. A survey of 500 IT professionals by Exonar reveals that 94% of respondents have experienced a data breach at some point in time, while 79% are worried their current employer could be next. Insider threats are regarded as the biggest risk, with 40% of respondents citing employee-caused data breaches as the biggest overall threat to information security in the coming year. 21% named external attacks from cybercriminals as the biggest risk, and 20% cited malware attacks. Employee data breaches most commonly occur through external email services such as Gmail and Outlook, according to half of those surveyed. 42% also agree that breaches occur through collaboration tools such as Slack and Dropbox as well, and 41% cited messaging services. Just 6% had never knowingly experienced a data breach, according to the research.

Top 10 Tips to Prevent Insider Threats

September is National Insider Threat Awareness Month (NIATM), which is a collaborative effort between the National Counterintelligence and Security Center (NCSC), National Insider Threat Task Force (NITTF), Office of the Under Secretary of Defense Intelligence and Security (USD(I&S)), Department of Homeland Security (DHS), and Defense Counterintelligence and Security Agency (DCSA) to emphasize the importance of detecting, deterring, and reporting insider threats. In honor of National Insider Threat Awareness Month we are posting the Top 10 Tips to Prevent Insider Threats. One of the most pernicious problems in information security is the Insider Threat.  The best firewalls in the world won’t keep out someone who can log in inside the wall.  The most advanced multi-factor authentication system on the market won’t stop someone who is fully authorized to be there.  Keeping files isolated won’t stop the person whose job includes access to the files.

Credential Theft on the Rise, in Part Due to Remote Work

Credential theft has been on the rise in recent years; more than 80% of hacks are the result of credential theft (most of it coming from successful phishing attempts), according to the 2020 “Verizon Data Breach Investigations Report.” This number could increase in next year’s report, thanks to an increase in remote work and the number of scams surrounding COVID-19. What makes credential theft so hard to detect is that it looks like legitimate access. There are no vulnerabilities or flaws for the hacker to exploit; they have all the information they need to enter the system. This makes it extremely difficult to distinguish between hackers and legitimate insiders, according to a recent study from Positive Technologies. Another issue is that it now becomes more difficult to determine an insider threat from an outside threat.

The Recent Attack on Tesla Open a Dangerous Threat Vector

The fact that Tesla was the target of a ransomware attack late last month is not earth-shattering news. These types of cyberattacks have gained their own brand of infamy over the past several years because of their targets and their boldness. Back in the mid-2010s when healthcare facilities and financial institutions became the darling of ransomware criminals, The drill was simple. We infect your network with a virus, we gain control of your network and then hold your data hostage while your organization decides whether or not to pay the ransom – in Bitcoin. Fast forward to the summer of 2020 as the COVID-19 pandemic rages across the globe, ransomware pirates have crawled from the Petrie dish. Notable cyber attacks have played out with the cruise company Carnival, while Garmin revealed that they suffered ransomware attacks as well. Financial services company Travelex recently paid $2.3 million to resolve a ransomware attack. What makes this Tesla attack different and even more disturbing is that it was an insider breach. According to the Department of Justice complaint, a 27-year-old Russian named Egor Igorevich Kriuchkov traveled to the U.S. and contacted a Russian speaking, non-U.S. citizen who was working at the Tesla Gigafactory in Sparks, Nevada. The Russian allegedly attempted to bribe the Tesla employee with a $1 million to deliver malware to computer systems at the Gigafactory. Kriuchkov and his associates allegedly planned to extract data from the network and threaten to make it public if Tesla didn’t pay a ransom.

A Year After Espionage Arrest, RCMP Still Hasn’t Acted on Calls for Tighter Security

RCMP launched internal security review following the arrest of Cameron Ortis. The RCMP has flagged ways to tighten its security protocols in response to the Cameron Ortis espionage case — but not one of those changes has been implemented in the year since his arrest. Ortis, who is still awaiting trial, served as director general of the RCMP’s national intelligence co-ordination centre. He was arrested on Sept. 12, 2019 and charged with preparing to share sensitive information with a foreign entity or terrorist organization. He’s also charged with sharing operational information back in 2015. In the immediate aftermath of his arrest, RCMP Commissioner Brenda Lucki launched an internal security review. “This mandate required a review of various security areas, including not only the Ortis incident but also more broadly the overall security practices of the RCMP,” said Cpl. Caroline Duval in an email. The final report coming out of that review is now complete. It made a number of recommendations but it hasn’t yet been presented to the force’s senior executive committee.

Managers Who Stay Connected to Remote Employees Could Reduce Insider Threats, State Official Says

The coronavirus pandemic forced much of the federal workforce into a situation that usually serves as a primary indicator of insider threat, according to the State Department’s Jacqueline Atiles. “People are isolated right now and that is the number one indicator of insider threat,” said Atiles, program director of State’s Insider Threat Program. She spoke to Nextgov to share some tips for ensuring employees don’t compromise the safety of people, property or information from within the government during the month which the Office of the Director of National Intelligence officially designated for that purpose last year.

Mapping the Motives of Insider Threats

Insider threats can take many forms, from the absent-minded employee failing to follow basic security protocols, to the malicious insider, intentionally seeking to harm your organization. Some threats may stem from a simple mistake, others from a personal vendetta. Some insiders will work alone, others at the behest of a competitor or nation-state. Whatever the method and the motives, the results can be devastating. The average cost of a single negligent insider incident exceeds $300k. That figures increases to over $755k for a criminal or malicious attack and up to $871k for one involving credential theft. Unlike many other common attacks, insider attacks are rarely a smash-and-grab. The longer a threat goes undetected, the more damage it can do to your organization. The better you understand your people – their motivations, and their relationship with your data and networks – the earlier you can detect and contain potential threats.

This entry was posted on Monday, September 14th, 2020 at 2:42 pm. Both comments and pings are currently closed.