insider threat | Breaking Cybersecurity News | The Hacker News

Companies are in the midst of an employee  "turnover tsunami"  with no signs of a slowdown.  According to Fortune Magazine,  40% of the U.S. is considering quitting their jobs. This trend – coined the great resignation - creates instability in organizations. High employee turnover increases security risks, and companies are more vulnerable to attacks from human factors worldwide.  At  Davos 2022 , statistics connect the turmoil of the great resignation to the rise of new insider threats. Security teams are feeling the impact. It's even harder to keep up with your employee security. Companies need a fresh approach to close the gaps and prevent attacks. This article will examine what your security teams must do within the new organizational dynamics to quickly and effectively address unique challenges. Handling Your New Insider Threats  Implementing a successful security awareness program is more challenging than ever for your security team—the new blood coming in cause

A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme. "The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the presumed $2.5 million ransom," Abnormal Security  said  in a report published Thursday. "The employee is told they can launch the ransomware physically or remotely. The sender provided two methods to contact them if the employee is interested—an Outlook email account and a Telegram username." Black Kingdom, also known as DemonWare and DEMON, attracted attention earlier this March when threat actors were found  exploiting ProxyLogon flaws  impacting Microsoft Exchange Servers to infect unpatched systems with the ransomware strain. Abnormal Security, which detected and bl

When it comes to ensuring the security of your APIs, there are four critical capabilities.

Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should—the insider threat. But the reality is that most organizations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad. Most organizations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding. However, on mobile devices, these solutions have been less effective. Examples include mobile applications such as WhatsApp, Signal, Telegram, or even SMS-which are common in the workforce. All of these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of

The U.S. Department of Justice (DoJ) indicted an employee of the Federal Bureau of Investigation (FBI) for illegally removing numerous national security documents and willfully retaining them at her personal residence during a 13-year period from June 2004 to December 2017.  The federal indictment charged Kendra Kingsbury, 48, with two counts of having unauthorized possession of documents relating to the national defense, according to an  unsealed indictment  that was made public on Friday. Kingsbury worked as an intelligence analyst in the FBI's Kansas City Division for more than 12 years, until her suspension in 2017. "The breadth and depth of classified national security information retained by the defendant for more than a decade is simply astonishing,"  said  Alan E. Kohler, Jr. Assistant Director of the FBI's Counterintelligence Division, in a statement. Stating that Kingsbury knew she was not authorized to remove and retain access to these sensitive govern

Do you always uncomfortable trusting companies with your data? If so, you're not alone. While companies do much to protect themselves from external threats, insiders always pose the highest risk to a company's data. Unfortunately, when we say companies can't eliminate insider threat completely, cybersecurity firms, who are meant to protect others, are not an exception. Cybersecurity firm Trend Micro has disclosed a security incident this week carried out by an employee who improperly accessed the personal data of thousands of its customers with a "clear criminal intent" and then sold it to a malicious third-party tech support scammers earlier this year. According to the security company, an estimated number of customers affected by the breach is 68,000, which is less than one percent of the company's 12 million customer base. Trend Micro first became aware of the incident in early August 2019 when it found that some of its consumer customers were r

An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos. According to an press note released by the U.S. Justice Department, Reyes Daniel Ruiz , a 34-year-old resident of California and former Yahoo software engineer, admitted accessing Yahoo internal systems to compromise accounts belonging to younger women, including his personal friends and work colleagues. Once he had access to the users' Yahoo accounts, Ruiz then used information obtained from users' email messages and their account's login access to hacking into their iCloud, Gmail, Facebook, DropBox, and other online accounts in search of more private material. Besides this, Ruiz also made copies of private images and videos that he found in the personal accounts of Yahoo users without their permission and stored them on a private computer a

Remember " The Shadow Brokers " and the arrest of a former NSA contractor accused of stealing 50 Terabytes of top secret documents from the intelligence agency? It turns out that, Kaspersky Lab, which has been banned in US government computers over spying fears, was the one who tipped off the U.S. government and helped the FBI catch NSA contractor Harold T. Martin III , unnamed sources familiar with the investigation told Politico. In October 2016, the U.S. government arrested and charged Martin, 51, with theft of highly classified documents, including most sensitive NSA hacking tools and top-secret information about "national defense," that he siphoned from government computers over the period of two decades. The breach is believed to be the largest heist of classified government material in America's history, far bigger than Edward Snowden leaks . According to the sources, the Antivirus firm learned about Martin after he sent unusual direct messag

Joshua Adam Schulte , a 30-year-old former CIA computer programmer who was indicted over four months ago  for masterminding the largest leak of classified information in the agency's history, has now been issued three new charges. The news comes just hours after Schulte wrote a letter to the federal judge presiding over his case, accusing officials at Manhattan Metropolitan Correctional Center of interfering with his case pleading and subjecting him to "cruel and unusual punishment" in pre-trial detention. "The shit-filled showers where you leave dirtier than when you entered; the flooding of the tiers and cages with ice-cold water; the constant blast of cold air as we are exposed to extreme cold without blankets or long-sleeve shirts; the uncontrollable lights that are always on as we are sleep deprived...No human being should ever have to experience this torture," Schulte wrote. Schulte, who once designed hacking tools and malware for both the CIA and

The insider threat is the worst nightmare for a company, as the employees can access company's most sensitive data without having to circumvent security measures designed to keep out external threats. The rogue employee can collect, leak, or sell all your secrets, including professional, confidential, and upcoming project details, to your rival companies and much more that could result in significant loss to your company. And this is exactly what is happening on Dark Web Marketplace -- a place where one can sell and purchase everything from illicit drugs to exploits, malware, and stolen data. According to a new report from the US-based risk security firm RedOwl and Israeli threat intelligence firm IntSights, staff at corporations are selling company's internal secrets for cash to hackers on one of the most famous dark web markets Kick Ass Marketplace ( Onion URL ). Besides selling their company's secret information, researchers also found evidence of rogue staff

T-Mobile is the latest in the list of recent high-profile data breaches, though this time the breach is not carried out by "Peace" - the Russian hacker who was behind the massive breaches in some popular social media sites including LinkedIn , MySpace , Tumblr , and VK.com . Instead, one of the T-Mobile's employees stole more than 1.5 Million customer records at the T-Mobile Czech Republic in order to sell it on for a profit, according to local media , MF DNES. Yes, the customer service staff member tried to sell the T-Mobile customer marketing database, though it is not clear that how much of names, e-mail addresses, account numbers and other personal data of over 1.5 Million customers the database contained. The T-Mobile Czech Republic has also refused to provide any "additional specific information" about what data was leaked, due to an ongoing police investigation. Although the company assured its customers that the stolen database did not contai

Are You an Employee? It's quite possible that someone has been reading your messages, emails, listening to your phone calls, and monitoring your activities at work. No, it's not a spy agency or any hacker… ...Oops! It's your Boss. Recently, European Court had ruled that the Employers can legally monitor as well as read workers' private messages sent via chat software like WhatsApp or Facebook Messenger and webmail accounts like Gmail or Yahoo during working hours. So, if you own a company or are an Employer, then you no need to worry about tracking your employees because you have right to take care of things that could highly affect your company and its reputation, and that is Your Employees! Since there are several reasons such as Financial Need, Revenge, Divided Loyalty or Ego, why a loyal employee might turn into an INSIDER THREAT . Insider Threat is a nightmare for Millions of Employers. Your employees could collect and leak all your professional,

An unsatisfied Employee may turn into a Nightmare for you and your organization. Nowadays, installing an antivirus or any other anti-malware programs would be inadequate to beef up the security to maintain the Corporate Database. What would you do if your employee itself backstabbed you by breaching the Hypersensitive Corporate Secrets? Yes! There could be a possibility for an Internal Breach all the time. Just last year, an ex-employee stole Yandex Search Engine Source Code and tried to sell it for just $29,000 in the underground market. Over a few years, hackers have adopted various techniques ranging from Stress Attacks to Social Engineering tactics in order to gain the Classified Corporate information. Hackers Offering $23,000 for Internal Access Now hackers are rolling their dice for the next Deceptive Step to acquire Corporate Login Details of Irish Apple Employees in exchange of 20,000 Euro ( $23,000 USD ). The current situation is being faced

A former employee of Russian search engine Yandex allegedly stole the source code and key algorithms for its search engine site and then attempted to sell them on the black market to fund his own startup. Russian publication Kommersant reports that Dmitry Korobov downloaded a type of software nicknamed " Arcadia " from Yandex's servers, which contained highly critical information, including the source code and some of the "key algorithms," of its search engine. Korobov then tried to sell the stolen codes to an electronics retailer called NIX, where a friend of his allegedly worked, and on the dark underground market in search of potential buyers. But What's the Punchline? The funniest part is that Korobov requested only $25,000 and 250,000 rubles (a total of almost $29,000) for Yandex's source code and algorithms, which actually cost "Billions of Rubles," or somewhere near $15 Million USD . However, Korobov was arrest

National Security Agency (NSA) – the one that had ruled over the privacy of the entire world from countries to individuals, the one with master access to read anyone's data, intruded into large fiber networks, and can target anyone, at any time, at any place; but lapsed somewhere in protecting its own privacy and security of the confidential data. If I am wrong, then from where did Snowden gets hold over roughly 1.7 million NSA's confidential files in sequence? According to the Intelligence officials who has investigated the insider theft by Snowden, noticed that he had accessed all these documents using some ' web crawler ', a freely available automated tool also known as spiders, which used to search, index and backup a website, " scraped data out of our systems " he said. " We do not believe this was an individual sitting at a machine and downloading this much material in sequence ," he added. He used the web crawler tool against NSA 's internal network and 'probably

Since all threats to data security and privacy often come from outside, but internal threats are comparatively more dangerous and a difficult new dimension to the data loss prevention challenge i.e. Data Breach . The " Insider threats " have the potential to cause greater financial losses than attacks that originate outside the company. This is what happened recently with three credit card firms in South Korea , where the financial and personal data belonging to users of at least 20 million, in a country of 50 million, was stolen by an employee, who worked as a temporary consultant at Korean Credit Bureau (KCB). " Confidential data of customers ranging from the minister-level officials to celebrities, including their phone numbers, addresses, credit card numbers, and even some banking records, have been leaked from Kookmin Bank, Shinhan Bank and several other commercial banks ", The stolen data includes the bank account numbers, customers' names, social security number

It is always important to secure our system against outside threats i.e. Hackers, but it also required to protect against insider threats. The potential of damage from an Insider threat can be estimated from the example of Edward Snowden who had worked at the NSA , and had authorized access to thousands of NSA's Secret Documents, networks and systems. ' According to a recent Verizon report, insider threats account for around 14% of data breaches in 2013." Mostly, securing data involves just encryption in the cloud and keeping encryption keys out of the hands of rogue employees, but it is not enough where rogue employees should have access to encryption keys as part of their work. To prevent such risk of rogue employees misusing sensitive data, CloudFlare has released an open source encryption software " Red October ," with " two-man rule " style file encryption and decryption. " Two-man rule ", a control mechanism designed to achieve a hi