Breaking Down an Insider Attack

Monday, September 29, 2014 @ 03:09 PM gHale


Insiders are increasingly using Internet cloud services and other computer tools to hack their current or former companies, the Federal Bureau of Investigation and Homeland Security Department said.

Workers use services such as Dropbox Inc.’s cloud storage, or software that lets them gain remote access to corporate networks, to steal trade secrets and other data, the agencies said.

Companies victimized by current or former employees incur costs “from $5,000 to $3 million,” the agencies said, without naming specific companies or incidents.

The thefts have “resulted in several significant FBI investigations” in which individuals used their access to destroy or steal data, obtain customer information and commit fraud using customer accounts, the agencies said. This alert comes after Home Depot Inc. and JPMorgan Chase & Co. confronted hacking attacks suspected of coming from outside the companies and shows that companies need to be alert to insider threats.

“While corporations devote significant resources to protecting against external threats, managers must also remain aware of the potential damage that can be caused from within by employees intent on causing harm to network systems,” an FBI spokesman, Joshua Campbell, said in a statement.

At last week’s Belden 2014 Industrial Ethernet Infrastructure Design Seminar in Houston, TX, keynoter Joel Langill of RedHat Cyber, an independent ICS security researcher, asked “what are the top threats: Terrorists, hacktivists or control engineers?” His answer: “Control engineers. When you go into a site assessment, no one ever protects against the guy working inside. That is not to say he is a bad guy, he may just not know the right thing to do.”

“The control engineer is the greatest risk against the system,” Langill said. “The threat should not be running around with administrative privileges.”
