econintersect.com
       
  

FREE NEWSLETTER: Econintersect sends a nightly newsletter highlighting news events of the day, and providing a summary of new articles posted on the website. Econintersect will not sell or pass your email address to others per our privacy policy. You can cancel this subscription at any time by selecting the unsubscribing link in the footer of each email.



posted on 20 February 2016

When Cyber Security Is An Inside Threat

from STRATFOR

-- this post authored by Scott Stewart

According to a recent article by Business Insider, hackers in Ireland, stymied by Apple's information systems security, are taking another approach to gain access to the corporation's data. They are offering Apple employees up to 20,000 euros for valid login credentials. While not all approaches to insiders are so overt, this case nevertheless serves as a great reminder that malicious actors are actively recruiting insiders to exploit their status.

Beyond that, it demonstrates that the insider threat is not just confined to an Edward Snowden type who steals a mass of data in one swoop before leaving the company. Insiders can pose a far more subtle and enduring threat. Because of this, we should think beyond Snowden when considering how insider threats can manifest.

Thinking About Insider Threats

It's important when considering insider cyber threats to not let the cyber element distract from the basic problem; hacking is still fundamentally theft of information. In fact, I would encourage security managers to think about these insider threats much as they would any other sort of corporate or government espionage.

Certainly, those looking to recruit an insider would love to have access to a systems administrator - essentially the corporate equivalent of an embassy communications officer. Systems administrators normally hold the keys to the kingdom, and in many cases they can access a variety of email accounts and other systems of interest to those conducting corporate espionage, whether they are motivated by ideology, looking to steal proprietary secrets or seeking information for insider trading purposes. That said, company IT staffs are not the only people who could be recruited to help carry out a cyberattack.

In addition to the outright sale of a valid system login, as in the Apple example, insiders can also perform more subtle tasks to help hackers. One is to fill the role that an "access agent" would in traditional espionage: identifying potential sources. Rather than pinpointing and approaching individuals, in the cyber realm insiders can help hackers understand a company's systems and security procedures. They can also provide company organizational charts and examples of company communications. Perhaps more important, an insider has knowledge of who talks to whom and what topics they discuss; they may even pass along sample emails that show how people interact.

This level of detail can be incredibly useful in helping set targets up for a well-crafted and convincing attempt at spear phishing, an email attack tightly focused on an individual user. If a hacker learns that Carol regularly sends text documents or spreadsheets to Bob and even has examples of how Carol normally addresses Bob, including any company or personal jargon, he or she can then craft a highly tailored message spoofing Carol's email address and with it deliver an attachment loaded with malware.

Access agents can also be used to help spot troubled coworkers whose financial or other vulnerabilities, such as anger at the company or drug use, might make them easier to recruit. Sex also works as a highly effective recruiting tool, and access agents can identify people most likely to be vulnerable to a "honey trap."

Non-IT staff insiders can also be used to introduce malware into a company's computer system. They may knowingly open a spear phishing tool, allowing them to feign victimization later if they get caught. As noted above, they have the knowledge to help craft a plausible spear phishing presentation that can give them the cover of apparent innocence. They could also, for example, steal a thumb drive from a coworker's desk and allow hackers to install malware on it before returning it. There are many ways a non-IT insider can help inject malware into company systems - even sensitive "air gapped" systems, or secure networks separated from the Internet.

Persistent Insider Threat

Insider threats are not limited to one-hit wonders like Snowden. Insider agents who make their actions seem innocuous and maintain plausible deniability can stay in place at the targeted company for a long time. Again, thinking in traditional espionage terms, it was always a great windfall when someone would walk into an embassy and hand an intelligence officer a briefcase full of classified documents. But a good intelligence officer isn't satisfied with just those documents. Sharp officers protect walk-ins and encourage them to continue working; that way, they can provide a continuing stream of valuable intelligence instead of just a single document dump.

But even when we are dealing with a recruited agent instead of a walk-in, the best strategy is to leave the agent in place for a prolonged period to maximize the extracted intelligence. National intelligence agencies running computer intelligence operations will follow the same principles in recruiting sources as they do for other operations. Intelligence services draw little distinction between an asset recruited for cyber and one meant for traditional intelligence gathering, and once recruited, agents can serve both purposes.

Anyone who doubts that intelligence agencies from an array of countries actively recruit sources from within many different types of companies has not been paying much attention. States frequently use false-flag approaches, sometimes presenting themselves as competitors or even criminals rather than intelligence officers.

But even beyond intelligence agencies, it is easy to see how ideologically motivated leakers, competitors and criminals could benefit greatly by having inside sources embedded long-term within a company.

Bad Operations Security

Finally, in addition to knowing collaborators who act intentionally, sloppy insiders also pose a significant threat - and arguably a larger and more persistent one. Whether or not the slip-up is as high-profile as the case of an Apple employee who left a top secret iPhone 4 prototype at a bar, or the case of the Qualcomm CEO whose laptop was stolen shortly before his company reported its quarterly results, there's always the chance that a low-level insider will fall for a clumsy phishing email and introduce malware onto company servers through a personal laptop.

Of course, such negligence can play a role in attacks involving knowing insiders as well. All the potentially threatening actors we've discussed, from intelligence agencies to criminals, can and do pounce on mistakes made by unwitting, inattentive insiders. But compared with recruiting an insider, which requires more effort and is more easily detected, a targeted cyberattack is a low-cost, low-risk method that can be just as effective. Negligence makes those attacks easier to execute. Poor operations security is also not just confined to non-technical employees. Inexperience, laziness or poor practices can make IT staff negligent as well. In short, employees should be well informed and on guard. The threat posed by a Snowden-like insider is grave. But it is far from the only type of insider threat that can harm your company.

"When Cyber Security Is an Inside Threat" is republished with permission of Stratfor.

>>>>> Scroll down to view and make comments <<<<<<

Click here for Historical News Post Listing










Make a Comment

Econintersect wants your comments, data and opinion on the articles posted.  As the internet is a "war zone" of trolls, hackers and spammers - Econintersect must balance its defences against ease of commenting.  We have joined with Livefyre to manage our comment streams.

To comment, using Livefyre just click the "Sign In" button at the top-left corner of the comment box below. You can create a commenting account using your favorite social network such as Twitter, Facebook, Google+, LinkedIn or Open ID - or open a Livefyre account using your email address.



You can also comment using Facebook directly using he comment block below.





Econintersect Contributors


search_box

Print this page or create a PDF file of this page
Print Friendly and PDF


The growing use of ad blocking software is creating a shortfall in covering our fixed expenses. Please consider a donation to Econintersect to allow continuing output of quality and balanced financial and economic news and analysis.


Take a look at what is going on inside of Econintersect.com
Main Home
Analysis Blog
The Truth About Trade Agreements - and Why We Need Them
Big Mess in Italy
News Blog
Defence Budgets Are Surging In The Baltic States
It's Been A Turbulent Start, But Juno Is Now Delivering Spectacular Insights Into Jupiter
The World's Most Reputable Cities
What We Read Today 07 December 2016
October 2016 Consumer Credit Headlines Say Year-Over-Year Growth Rate Declined
Disabled Veteran And His Service Dog Get Job At Hardware Store
October 2016 JOLTS Job Openings Rate Shows Insignificant Year-over-Year Growth
Do Rises In Oil Prices Mean Rises In Food Prices?
Are Mobile Phone Payments Secure?
Infographic Of The Day: 12 Reasons To Let Your Employees Play Games
Early Headlines: Asia Stocks Up, Oil Down, House Has Stopgap $ Bill, Trump Sold All Stock, Euro Holding On, May Doubles Down, India Economy Struggles, Oz GDP Contraction And More
President Trump Must Be One-Term, Voluntarily!
Documentary Of The Week: Untold History Of The United States, 1890s To 1920
Investing Blog
The Real 401k Plan Manager 07 May 2016
Exuberance Returns
Opinion Blog
The US Government Needs To Spend More
Trump And Modi: Birds Of The Same Feather, But With Different World Views
Precious Metals Blog
Silver Prices Rebounded Today: Where They Are Headed
Live Markets
07Dec2016 Market Close: Wall Street Records New Highs, Health-Care Stocks Tumble, Crude Prices Stall At $50 Handle, New Fears Of A Correction Are Looming
Amazon Books & More






.... and keep up with economic news using our dynamic economic newspapers with the largest international coverage on the internet
Asia / Pacific
Europe
Middle East / Africa
Americas
USA Government



Crowdfunding ....






























 navigate econintersect.com

Blogs

Analysis Blog
News Blog
Investing Blog
Opinion Blog
Precious Metals Blog
Markets Blog
Video of the Day
Weather

Newspapers

Asia / Pacific
Europe
Middle East / Africa
Americas
USA Government
     

RSS Feeds / Social Media

Combined Econintersect Feed
Google+
Facebook
Twitter
Digg

Free Newsletter

Marketplace - Books & More

Economic Forecast

Content Contribution

Contact

About

  Top Economics Site

Investing.com Contributor TalkMarkets Contributor Finance Blogs Free PageRank Checker Active Search Results Google+

This Web Page by Steven Hansen ---- Copyright 2010 - 2016 Econintersect LLC - all rights reserved