The changing nature of insider threats was described by Lisa Forte, founder, Red Goat Cyber Security, during a keynote presentation at this week’s virtual ISC2 Security Congress 2021.
Forte began by noting that traditionally, insider threat actors are seen as ‘bad apples’ within a business, but we have now “moved quite far away from that.” Indeed, many perpetrators do so without malicious intent. She also pointed out that it has become far easier for employees to carry out these acts of espionage on their employers' thanks to new technologies. For example, mobile phones can be used to take photos of important data, and thousands of documents can be transferred to an SD card. These acts are far easier to conceal than previously when insider threat actors would “have to physically copy large quantities of files.”
Additionally, the rise of social media means that the “biggest threat comes from insider people who get socially manipulated online to hand over information,” according to Forte. She then described a recent case that highlights this tactic. This involved a scientist (John) who was in charge of a team working on sensitive research for a major UK company. He had recently been divorced and was looking to meet a new partner who shared his passion for science, and signed up to dating websites.
John made a professional post on LinkedIn and received a question in the comments from a lady called Sveti. He responded to her via the private message function, and they engaged in scientific discussion before exchanging numbers and continuing the conversation on WhatsApp. Sveti was from Bulgaria and an aspiring environmental scientist. She continued to ask John questions about science and his research and began requesting diagrams and documents to help explain certain concepts. John obliged, flattered by the interest Sveti was showing in him and his work, and they became closer, with the messages taking a romantic turn. Sveti was also an aspiring dancer and would often ask John to critique her performances.
One day, while working at his organization’s lab during the COVID-19 lockdown, John received a message from Sveti asking him to watch a video of her dancing that she was planning to publish online. However, he couldn’t open it on his phone or a PC in his company’s office. She then begged him to try to play the video on an older device, of which there were several in the lab. He attempted this, but the video still failed to play. Yet suddenly, everything started crashing on the lab computer, alerting the company’s security team, who discovered the file was actually malware. After that, John never heard from ‘Sveti’ again – he had been duped by a highly tailored social engineering campaign to steal information and sabotage his organization.
No tags.
