September 3

Mitigating insider threats requires constant vigilance


Insider threats don’t manifest themselves very often, but when they do, the consequences can be devastating.

A former core infrastructure engineer at an unidentified industrial company headquartered in Somerset County, New Jersey, has been arrested after allegedly sending an email notifying administrators they had been locked out of 254 Windows servers.

According to court documents, company employees received an email last November telling them that all IT administrators had been locked out of their accounts, and server backups had been deleted to make data recovery impossible. The message also threatened to shut down 40 random servers on the company’s network daily over the next ten days unless a ransom of 20 Bitcoin, worth approximately $750,000, was paid.

An investigation led by FBI Special Agent James E. Dennehy in Newark concluded that Daniel Rhyne, 57, of Kansas City, Missouri, who was working as a core infrastructure engineer for the company, had remotely accessed the company’s computer systems between November 9 and November 25 and used a company administrator account to change passwords without authorization. He was arrested in Missouri late last month. The extortion, intentional computer damage, and wire fraud charges carry a combined maximum penalty of 35 years in prison and a $750,000 fine.

Regardless of the trial outcome, insider threats are among the most challenging issues any cybersecurity team is likely to encounter. The primary sources of these threats are usually disgruntled employees, but they can also be accidental breaches caused by an internal employee or third-party contractor. In rare cases, an employee may also be trying to sell intellectual property to a rival. No single tool prevents these attacks, but a necessary part of any defense is making sure that data loss prevention (DLP) tools are in place and that access to data, and in particular the use of privileged accounts, is continuously monitored. After all, how data is accessed is pretty consistent, so any unusual activity, such as one administrator account resetting a run of passwords from a remote address within a few minutes, should be investigated. The case above is also a reminder that backups have to be kept somewhere an administrator account cannot delete them, or they will not be there when they are needed.
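As an added illustration of what "unusual activity" looks like in practice (this is example code written for this page, not anything the company or the FBI used), the detector below runs two rules over a handful of constructed audit lines modeled loosely on the incident described above: a burst of password resets by a single actor inside a short window, and a process launch that deletes volume shadow copies. The flat "ts,event_id,actor,source_ip,detail" format, the account names, the IP addresses and the thresholds are all assumptions; the event numbers are real Windows Security log IDs (4724 for a password reset on another account, 4688 for process creation).

```python
"""Burst and backup-tampering detection over a flat audit export (example code)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (assumption: a simplified "ts,event_id,actor,source_ip,detail"
# export; these are NOT the incident's real logs). Event IDs follow the Windows Security
# log: 4724 = password reset attempted on another account, 4688 = new process created.
SAMPLE_LOG = """\
2023-11-09T10:15:02,4724,helpdesk1,10.10.1.20,jsmith
2023-11-09T14:40:11,4724,helpdesk1,10.10.1.20,mlee
2023-11-24T22:01:03,4724,admin_ops,203.0.113.44,administrator
2023-11-24T22:01:09,4724,admin_ops,203.0.113.44,backupadmin
2023-11-24T22:01:15,4724,admin_ops,203.0.113.44,dcadmin
2023-11-24T22:01:20,4724,admin_ops,203.0.113.44,svc_sql
2023-11-24T22:01:27,4724,admin_ops,203.0.113.44,netadmin
2023-11-24T22:03:40,4688,admin_ops,203.0.113.44,vssadmin.exe delete shadows /all /quiet
"""

BURST_THRESHOLD = 5                     # resets by one actor...
BURST_WINDOW = timedelta(minutes=10)    # ...inside this sliding window
BUSINESS_HOURS = range(7, 20)           # hours of the day treated as normal for admin work
BACKUP_TAMPER_MARKERS = ("vssadmin", "delete shadows", "wbadmin delete")


def parse_line(line):
    """Split one export line; maxsplit=4 lets the trailing detail field contain commas."""
    ts, event_id, actor, source_ip, detail = line.split(",", 4)
    return {
        "ts": datetime.fromisoformat(ts),
        "event_id": int(event_id),
        "actor": actor,
        "source_ip": source_ip,
        "detail": detail,
    }


def detect(log_text):
    """Return alerts in log order. State is bounded: each actor keeps only the
    reset timestamps that still fall inside BURST_WINDOW."""
    alerts = []
    recent_resets = defaultdict(deque)   # actor -> timestamps of recent 4724 events
    burst_reported = set()               # fire the burst rule once per actor

    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)

        if ev["event_id"] == 4724:
            window = recent_resets[ev["actor"]]
            window.append(ev["ts"])
            while window and ev["ts"] - window[0] > BURST_WINDOW:
                window.popleft()         # evict resets older than the window
            if len(window) >= BURST_THRESHOLD and ev["actor"] not in burst_reported:
                burst_reported.add(ev["actor"])
                alerts.append({
                    "rule": "password_reset_burst",
                    "actor": ev["actor"],
                    "source_ip": ev["source_ip"],
                    "count": len(window),
                    "first": window[0],
                    "last": ev["ts"],
                    # off-hours activity does not change the verdict, it raises severity
                    "off_hours": ev["ts"].hour not in BUSINESS_HOURS,
                })

        elif ev["event_id"] == 4688:
            cmd = ev["detail"].lower()
            if any(marker in cmd for marker in BACKUP_TAMPER_MARKERS):
                alerts.append({
                    "rule": "backup_tamper",
                    "actor": ev["actor"],
                    "source_ip": ev["source_ip"],
                    "detail": ev["detail"],
                    "ts": ev["ts"],
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The two help-desk resets on November 9 are hours apart and never trip the burst rule, while the five resets from admin_ops within 24 seconds do, and the shadow-copy deletion two minutes later is flagged on its own. In a real deployment the lines would come from a SIEM rather than a string, and the thresholds would be tuned against a baseline of what each privileged account normally does.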

Of course, once an incident is detected, the investigation can take a lot of time. Fortunately, law enforcement officials, especially the FBI, have significantly improved their digital forensics skills during the ransomware era of recent years. In fact, it’s often much easier to determine the source of an insider threat than that of a cyberattack that might have originated in Russia or North Korea.

As the saying goes, the wheels of justice turn slowly but grind exceedingly fine. That might only offer cold comfort for business executives coping with system disruption. Still, it serves as a deterrent by reminding any potential miscreant that they will probably get caught no matter how skilled they think they are. Arguably, one of the most effective methods is to keep track of human resources issues and, if necessary, run a background check on employees. Anyone who has accrued, for example, a large amount of debt might be more willing to sell secrets or give up access to their credentials in return for some financial relief.

In the meantime, it can’t hurt to gently remind everyone from time to time that the people they are going to meet in prison are not likely to be especially impressed by their IT expertise.

