• Advertising
  • Disclaimer
  • Contact us
  • About us
WTM News
Web Hosting and Linux/Windows VPS in USA, UK and Germany
  • Home
  • entertainment
    • All
    • games
    • movies
    • music
    • sports
    'Elvis': Austin Butler ascends to the Olympus of rock in the final trailer of the Baz Luhrmann biopic

    ‘Elvis’: Austin Butler ascends to the Olympus of rock in the final trailer of the Baz Luhrmann biopic

    'Stranger Things': This is the duration of the nine chapters of the fourth season

    ‘Stranger Things’: This is the duration of the nine chapters of the fourth season

    Sony denies that 'Bad Boys 4' is in danger and defends Will Smith

    Sony denies that ‘Bad Boys 4’ is in danger and defends Will Smith

    'High School Musical: The Musical: The Series' renewed for a fourth season, Olivia Rodrigo will only be a guest star

    ‘High School Musical: The Musical: The Series’ renewed for a fourth season, Olivia Rodrigo will only be a guest star

    'The paper house: Korea': New trailer with the Professor, Tokyo and a union between the two Koreas

    ‘The paper house: Korea’: New trailer with the Professor, Tokyo and a union between the two Koreas

    'Riverdale' renewed for a seventh season, but it will be the last

    ‘Riverdale’ renewed for a seventh season, but it will be the last

  • business
    • All
    • startups
    bitumen 60/70

    Iran Bitumen

    Study Smart: Tips and Tricks to Ace the GED Test

    Study Smart: Tips and Tricks to Ace the GED Test

    Things to Remember When Taking the GED Math Test

    Things to Remember When Taking the GED Math Test

    DutyCope is the newest freelance platform

    Dutycope is the newest freelance platform

    What plans does NASA have to continue working with Russia?

    What plans does NASA have to continue working with Russia?

    Dutycope, the introduction of one of the best freelance sites

    Dutycope, the introduction of one of the best freelance sites

    Boeing's $ 450 million investment in Wisk Aero

    Boeing’s $ 450 million investment in Wisk Aero

    FedEx uses a laser defense system to defend its aircraft against missile attacks

    FedEx uses a laser defense system to defend its aircraft against missile attacks

    Tim Cook earned over $ 98 million last year!

    Tim Cook earned over 98 million Dollar last year!

  • Technology
    • All
    • apps
    • gadget
    • mobile
    Robots and homes with empathy: the next step in the care of the elderly |  Technology

    Robots and homes with empathy: the next step in the care of the elderly | Technology

    DES2022 BARACK OBAMA

    Barack Obama will be present at DES2022

    “I am concerned that large companies like Google, Microsoft, Facebook or Amazon have almost infinite resources” |  Technology

    “I am concerned that large companies like Google, Microsoft, Facebook or Amazon have almost infinite resources” | Technology

    datos no estructurados

    Unstructured data, basis of innovation

    Hoan Ton-That doesn't care about the Geneva Convention |  Technology

    Hoan Ton-That doesn’t care about the Geneva Convention | Technology

    Hannover Messe 2022: toda la tecnología para la industria

    all the technology for the industry

    Trending Tags

  • lifestyle
    • All
    • foods
    • health
    • travel
    3 Days in Dubai – Where to Visit in Dubai

    3 Days in Dubai – Where to Visit in Dubai

    Ata Ghotbi and the road to success

    Ata Ghoutbi and the Road to Success

    5 ways to open frozen pipes without damaging the pipe

    5 ways to open frozen pipes without damaging the pipe

    Why is it better not to use toilet paper?

    Why is it better not to use toilet paper?

    Why do we have to put a pillow between our knees at night?

    Why do we have to put a pillow between our knees at night?

    Two mistakes men make in bed that ruin sex for women!

    Two mistakes men make in bed that ruin sex for women!

    Trending Tags

  • Review
    Review of the first part of the fifth season of the Money Heist series

    Review of the first part of the fifth season of the Money Heist series

    Introduction of Solar Ash game

    Introducing and reviewing the interesting game Solar Ash

    Review Huawei WATCH FIT smartwatch

    Review Huawei WATCH FIT smartwatch

  • Videos
No Result
View All Result
  • Home
  • entertainment
    • All
    • games
    • movies
    • music
    • sports
    'Elvis': Austin Butler ascends to the Olympus of rock in the final trailer of the Baz Luhrmann biopic

    ‘Elvis’: Austin Butler ascends to the Olympus of rock in the final trailer of the Baz Luhrmann biopic

    'Stranger Things': This is the duration of the nine chapters of the fourth season

    ‘Stranger Things’: This is the duration of the nine chapters of the fourth season

    Sony denies that 'Bad Boys 4' is in danger and defends Will Smith

    Sony denies that ‘Bad Boys 4’ is in danger and defends Will Smith

    'High School Musical: The Musical: The Series' renewed for a fourth season, Olivia Rodrigo will only be a guest star

    ‘High School Musical: The Musical: The Series’ renewed for a fourth season, Olivia Rodrigo will only be a guest star

    'The paper house: Korea': New trailer with the Professor, Tokyo and a union between the two Koreas

    ‘The paper house: Korea’: New trailer with the Professor, Tokyo and a union between the two Koreas

    'Riverdale' renewed for a seventh season, but it will be the last

    ‘Riverdale’ renewed for a seventh season, but it will be the last

  • business
    • All
    • startups
    bitumen 60/70

    Iran Bitumen

    Study Smart: Tips and Tricks to Ace the GED Test

    Study Smart: Tips and Tricks to Ace the GED Test

    Things to Remember When Taking the GED Math Test

    Things to Remember When Taking the GED Math Test

    DutyCope is the newest freelance platform

    Dutycope is the newest freelance platform

    What plans does NASA have to continue working with Russia?

    What plans does NASA have to continue working with Russia?

    Dutycope, the introduction of one of the best freelance sites

    Dutycope, the introduction of one of the best freelance sites

    Boeing's $ 450 million investment in Wisk Aero

    Boeing’s $ 450 million investment in Wisk Aero

    FedEx uses a laser defense system to defend its aircraft against missile attacks

    FedEx uses a laser defense system to defend its aircraft against missile attacks

    Tim Cook earned over $ 98 million last year!

    Tim Cook earned over 98 million Dollar last year!

  • Technology
    • All
    • apps
    • gadget
    • mobile
    Robots and homes with empathy: the next step in the care of the elderly |  Technology

    Robots and homes with empathy: the next step in the care of the elderly | Technology

    DES2022 BARACK OBAMA

    Barack Obama will be present at DES2022

    “I am concerned that large companies like Google, Microsoft, Facebook or Amazon have almost infinite resources” |  Technology

    “I am concerned that large companies like Google, Microsoft, Facebook or Amazon have almost infinite resources” | Technology

    datos no estructurados

    Unstructured data, basis of innovation

    Hoan Ton-That doesn't care about the Geneva Convention |  Technology

    Hoan Ton-That doesn’t care about the Geneva Convention | Technology

    Hannover Messe 2022: toda la tecnología para la industria

    all the technology for the industry

    Trending Tags

  • lifestyle
    • All
    • foods
    • health
    • travel
    3 Days in Dubai – Where to Visit in Dubai

    3 Days in Dubai – Where to Visit in Dubai

    Ata Ghotbi and the road to success

    Ata Ghoutbi and the Road to Success

    5 ways to open frozen pipes without damaging the pipe

    5 ways to open frozen pipes without damaging the pipe

    Why is it better not to use toilet paper?

    Why is it better not to use toilet paper?

    Why do we have to put a pillow between our knees at night?

    Why do we have to put a pillow between our knees at night?

    Two mistakes men make in bed that ruin sex for women!

    Two mistakes men make in bed that ruin sex for women!

    Trending Tags

  • Review
    Review of the first part of the fifth season of the Money Heist series

    Review of the first part of the fifth season of the Money Heist series

    Introduction of Solar Ash game

    Introducing and reviewing the interesting game Solar Ash

    Review Huawei WATCH FIT smartwatch

    Review Huawei WATCH FIT smartwatch

  • Videos
No Result
View All Result
WTM News
No Result
View All Result
  • Home
  • entertainment
  • business
  • Technology
  • lifestyle
  • Review
  • Videos
Home Technology

The “new” trend in cybercrime: extortion of employees

News writer by News writer
April 29, 2022
in Technology
7 0
A A
0
hackeo solarwinds sunburstciberseguridad hacker InvisiMole misiones diplomáticas ESET fortinet extorsión a empleados

The new trend in cybercrime extortion of employees

153
SHARES
235
VIEWS
Share on FacebookShare on Twitter

The “new” trend in cybercrime: extortion of employees
is the headline of the news that the author of WTM News has collected this article. Stay tuned to WTM News to stay up to date with the latest news on this topic. We ask you to follow us on social networks.

Attacks on company information systems have evolved to become extremely sophisticated. Cybercriminals currently exploit vulnerabilities in applications, equipment configurations or communication network protocols to seize the data or systems of any organization, but they also extort employees.

In this context, we often read news about the complex mechanisms they use to subvert the behavior of teams and gain control of them. When that happens, we are sure that many people will think about the deep knowledge that these cybercriminals must havecapable of analyzing systems, evaluating their vulnerable points and developing programs and attack models that require sophisticated computer tools.

For that very reason, when we discover that bribery or extortion of employees are a common part of the mechanisms used to access the accounts of privileged users and with them the protected data of an organization, that fascination collapses.. And it is that social engineering techniques are probably the best tool to violate the security of a company.

Some emblematic cases

The ones known as internal attacks they are probably the most serious threat present in today’s organizations. Via unintentional mistakes or intentional actions, the employees of a company represent the access point that can put the entire security of a company at risk. techniques like the phishing, vishing or smshing are currently complemented by actions focused on recruiting employees to help infiltrate corporate networks. Some cybercrime groups even offer exorbitant amounts to those employees who are willing to betray their companies.

Cybercriminals currently exploit vulnerabilities in applications, equipment configurations or network protocols, but they also extort employees

The examples have been, and are, historically very representative. Just a few years ago, it was discovered that a Tesla employee had been lured into exfiltrating secret company information with the promise of $1 million. Ultimately, the bribe was unsuccessful because the employee himself reported it, and the offender, a friend and former colleague, was arrested.

Similarly, last year an employee of Ubiquiti was accused of extorting his company with the information he had stolen months before. Interestingly, before that, the employee himself had been part of the internal team that investigated the aforementioned incident.

In 2019, LockBit, one of the ransomware most active in the market dark weboffered “business relationships” to employees of various companies to share “profits” if they installed their malware within their organizations.

More recently, the cybercrime group LAPSUS$ disclosed, through its social network accounts, economic offers to employees and former employees of some companies to provide them with access credentials to privileged accounts. In fact, it is believed that many of the “successes” of this group lies precisely in the collaboration of internal employees with their victims.

the internal threat

It is very likely that companies have focused their attention on the risks that come from the outside, tiptoeing past those threats that arise within the same organization.

Currently, Almost half of the cybersecurity incidents that occur in a company involve an internal actor. According to analyzes provided by Forrester, the number of cyberattacks through internal actors have grown by more than 8% in 2021. De facto, it is known that large corporations often feel threatened, for example by disgruntled employees who create false identities on the dark web to offer their services to the highest bidder.

Insider threats are a serious problem for any organization: they are difficult to detect, employees have more and more technological knowledge to act without being detected, they have legitimate access to systems and data, they make use of teleworking tools and, above all, they base much of their security on the assumption of regulatory compliance dictated by the company.

For example, according to a study carried out by MITER and the company DTEX, 56% of data theft stems from employees leaving the company to join the competition; each year the number of incidents related to the leakage of confidential data through screenshots of information shared in videoconferencing systems during teleworking triples; and the number of employees who use corporate computers, with confidential data, for personal matters have multiplied by four.

mitigation plan

Combating this type of threat must therefore become a priority for companies. An effective insider threat mitigation program It will be essential and will serve to protect your critical assets and services.

Monitor the behavior of employees to detect those who make illegal use of the resources available to them, assess the level of risk that each employee represents for the company, implement strategies focused on reinforcing the safety of possible victims according to their possible vulnerabilities or involving the employees themselves in the process of detecting, communicating, stopping or mitigating the inappropriate behavior of another employee, are some of the aspects that a Internal Threat Mitigation Plan must cover.

The truth is that there are numerous factors that influence the materialization of an internal threat, including the personal predisposition of the employee, the pressures to which he is subjected (professional, financial, social…), his habitual behavior inside and outside the company or the guidelines for action in the professional tasks entrusted to him. The concept of “burnout” or employee “burnt out” is a good example of a situation conducive to the successful completion of any of these risks. There is no cybersecurity budget to protect against its possible consequences.

recommendations

The development of a Mitigation Plan for internal threats is a complex task in time and form. Even so, we do not want to miss a set of basic recommendations that can serve as a reference when planning the first steps in the right direction:

  • Principle of the least possible privilege. This is a very simple, yet important step that a company can take to protect itself from these threats: implement an access management model that only assigns privileges to employees for those services and information that are necessary for their assigned function.
  • Monitoring and detection of internal anomalies. Companies often tend to protect their infrastructures with firewall systems, workstation antivirus, operating system version updates, etc. However, they often forget to monitor the traffic within the network. Anomalous behavior on the network is, on many occasions, evidence that shows that something unusual is happening and requires special attention. Sometimes, they are simple accesses to unusual resources, execution of processes after hours, connections of external devices, sending emails to unknown addresses, etc. Any event that breaks with the usual routine of an employee can be analyzed.
  • Network segmentation. The attacks of ransomware, for example, tend to spread through the network through lateral movements, so segmenting access to networks will reduce the risk of spreading to other environments within the company’s infrastructure. Well, the same thing happens with employee access: the possibility of accessing departmental subnets by employees who are not related to them can pose a high risk for any company; hence, establishing duly protected segmentations can be a fundamental element to reduce risks.
  • Traceability of actions. The correct identification of users, as well as the recording of their activities, can ultimately allow the origin of a security incident to be identified. The data collected can be analyzed both in real time and for future forensic analysis to determine the possible involvement of an employee in an insider attack.
  • Code of conduct. Every company must define a code of conduct for all employees in the performance of their duties. Establishing protocols for the use of the resources available to employees can mean the difference when it comes to being able to resort, or not, to data collected to be presented in administrative or criminal complaints. The internal communication processes themselves must be confidential and strict disciplinary rules must be defined against those who violate the code of conduct.

Finally, there is a last recommendation that is not always included in a document but that is perhaps more essential and critical: promote an honest and transparent company culture; Get to know your employees and make them aware of their importance for the future of the company. Perhaps this way you will end up knowing your likes and dislikes a little more, and perhaps this way you can help prevent a malicious third party from taking advantage of them.

By Juanjo Galán, Business Strategy at All4Sec

Source: revistabyte.es

Tags: cybercrimeemployeesextortiontrend
Previous Post

Gas payment opens a crack in the EU: Are energy companies violating sanctions against Russia? | International

Next Post

‘Doctor Strange in the multiverse of madness’: A new spot confirms three possible members of the Illuminati

News writer

News writer

I try to find the best news for you and publish it on WTM News. Follow my articles to become an up-to-date person!

Related Posts

Robots and homes with empathy: the next step in the care of the elderly |  Technology
Technology

Robots and homes with empathy: the next step in the care of the elderly | Technology

May 25, 2022
DES2022 BARACK OBAMA
Technology

Barack Obama will be present at DES2022

May 25, 2022
“I am concerned that large companies like Google, Microsoft, Facebook or Amazon have almost infinite resources” |  Technology
Technology

“I am concerned that large companies like Google, Microsoft, Facebook or Amazon have almost infinite resources” | Technology

May 25, 2022
datos no estructurados
Technology

Unstructured data, basis of innovation

May 24, 2022
Hoan Ton-That doesn't care about the Geneva Convention |  Technology
Technology

Hoan Ton-That doesn’t care about the Geneva Convention | Technology

May 24, 2022
Hannover Messe 2022: toda la tecnología para la industria
Technology

all the technology for the industry

May 24, 2022
Next Post
'Doctor Strange in the multiverse of madness': A new spot confirms three possible members of the Illuminati

'Doctor Strange in the multiverse of madness': A new spot confirms three possible members of the Illuminati

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Trending
  • Comments
  • Latest
Tesla's new update notifies the driver of tire wear

Tesla’s new update notifies the driver of tire wear

December 16, 2021
Time Magazine introduced Elon Musk as the character of 2021!

Time Magazine introduced Elon Musk as the character of 2021!

December 15, 2021
Introduction of Solar Ash game

Introducing and reviewing the interesting game Solar Ash

December 15, 2021
Review of the first part of the fifth season of the Money Heist series

Review of the first part of the fifth season of the Money Heist series

December 15, 2021
Introduction of Solar Ash game

Introducing and reviewing the interesting game Solar Ash

0
Added the ability to check voice messages before sending to WhatsApp!

Added the ability to check voice messages before sending to WhatsApp!

0
Time Magazine introduced Elon Musk as the character of 2021!

Time Magazine introduced Elon Musk as the character of 2021!

0
Review of the first part of the fifth season of the Money Heist series

Review of the first part of the fifth season of the Money Heist series

0
Downing Street party report calls on government 'leaders' to take responsibility |  International

Downing Street party report calls on government ‘leaders’ to take responsibility | International

May 25, 2022
Robots and homes with empathy: the next step in the care of the elderly |  Technology

Robots and homes with empathy: the next step in the care of the elderly | Technology

May 25, 2022
Russia sanctions: Brussels takes first legal step to seize Russian assets to help rebuild Ukraine |  International

Russia sanctions: Brussels takes first legal step to seize Russian assets to help rebuild Ukraine | International

May 25, 2022
DES2022 BARACK OBAMA

Barack Obama will be present at DES2022

May 25, 2022

Latest News

Downing Street party report calls on government 'leaders' to take responsibility |  International

Downing Street party report calls on government ‘leaders’ to take responsibility | International

May 25, 2022
Robots and homes with empathy: the next step in the care of the elderly |  Technology

Robots and homes with empathy: the next step in the care of the elderly | Technology

May 25, 2022
Russia sanctions: Brussels takes first legal step to seize Russian assets to help rebuild Ukraine |  International

Russia sanctions: Brussels takes first legal step to seize Russian assets to help rebuild Ukraine | International

May 25, 2022
DES2022 BARACK OBAMA

Barack Obama will be present at DES2022

May 25, 2022

Suggest application sites

Weltnachrichten

Nachrichten Star

Dutycope

Freelance sites

WTM News

WTM News is a smart magazine that collects new and important technology news of the world for you from all over the web.
Our goal is to compile the best news so that you can more easily get the latest technology news in the world.

Follow us

News Categories

  • apps
  • business
  • entertainment
  • Environment
  • foods
  • gadget
  • games
  • health
  • lifestyle
  • mobile
  • movies
  • music
  • News
  • Other
  • Review
  • science
  • sports
  • startups
  • Technology
  • travel
  • Videos

Freelancer | Logo design | Hervess | Nachrichten Star

latest news

Review of the first part of the fifth season of the Money Heist series

The fifth season of Money Heist series

The points given are based solely on the personal taste of
Introduction of Solar Ash game

Solar Ash game

Score against the average score of this game on the site

WTM NEWS Magazine is just a portal for republishing news in various fields. All news will be placed on the site by mentioning the source. WTM NEWS has no legal responsibility for the accuracy of the news and articles and only reposts the news. © 2022 WTM NEWS

No Result
View All Result
  • Home
  • entertainment
  • business
  • Technology
  • lifestyle
  • Review
  • Videos

WTM NEWS Magazine is just a portal for republishing news in various fields. All news will be placed on the site by mentioning the source. WTM NEWS has no legal responsibility for the accuracy of the news and articles and only reposts the news. © 2022 WTM NEWS

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist