This piece looks at the growing problem of insider threats and how they can impact businesses. We’ll cover some real-world examples and discuss practical steps you can take to protect your company.
Key Takeaways
- Ransomware as a Service: Easy access for anyone to launch attacks.
- Fake Profiles & Impersonation: North Koreans applying for jobs with fake profiles and face swaps are a real concern.
- Authenticator Prompt Spam: Attackers send endless requests until someone accidentally approves.
- Limited Admin Rights: System administrators shouldn’t have constant access to everything.
- Shared Logins: A big no-no that makes auditing impossible.
The Hacker’s Bargain: Bribery and Ransomware
It turns out, hackers are getting pretty creative. In one instance, a researcher was approached by hackers who thought he was in the IT team. They offered him a cut – 15 to 20% – of any ransomware money they made. Imagine getting a few hundred grand, maybe even a few million. It’s a tempting offer for someone unhappy in their job, right?
This is exactly why limiting people’s permissions is so important. Even system administrators, whose accounts are high-risk, should limit their own access. Using something called "just-in-time access" is a good idea: you grant yourself access to do a specific task for a limited time, and it’s automatically taken away afterwards. It’s all audited, so you can easily see who did what. This is also why sharing login accounts is a terrible idea: with a shared account the audit trail can’t tell you which person actually did something.
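To make the just-in-time idea concrete, here is an added example (not code from the article or from any particular access-management product) that models a time-boxed grant: access is requested for a named task, capped in duration, checked on every use, dropped automatically once the window closes, and every decision is written to an audit trail against an individual account. The user names, role names and timeline are constructed for the example.

```python
"""Time-boxed ("just-in-time") access grants with an audit trail.

Added illustration, not code from the original article or any vendor tool.
All user names, roles and the sample timeline are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Grant:
    user: str            # an individual account, never a shared one
    role: str            # e.g. "db-admin"
    reason: str          # ticket or task description, kept for the audit trail
    expires_at: datetime


@dataclass
class JitAccessBroker:
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)   # (time, user, role, decision, detail)

    def request(self, user, role, reason, now, minutes=30, max_minutes=60):
        """Grant a role for a bounded window. The cap stops "temporary" turning into standing access."""
        if minutes > max_minutes:
            self.audit.append((now, user, role, "DENIED", f"requested {minutes}m > cap {max_minutes}m"))
            return None
        grant = Grant(user, role, reason, now + timedelta(minutes=minutes))
        self.grants.append(grant)
        self.audit.append((now, user, role, "GRANTED", f"{minutes}m: {reason}"))
        return grant

    def is_allowed(self, user, role, now):
        """Authorise one action. Expired grants are discarded here, so revocation needs no manual step."""
        self.grants = [g for g in self.grants if g.expires_at > now]
        allowed = any(g.user == user and g.role == role for g in self.grants)
        self.audit.append((now, user, role, "ALLOWED" if allowed else "DENIED", "access check"))
        return allowed

    def active_for(self, user, now):
        """Roles the user currently holds (used for periodic access reviews)."""
        self.grants = [g for g in self.grants if g.expires_at > now]
        return sorted(g.role for g in self.grants if g.user == user)


def demo_timeline():
    """Constructed timeline: a 30-minute grant works at T+10 and is gone at T+31."""
    broker = JitAccessBroker()
    t0 = datetime(2024, 1, 15, 9, 0)
    broker.request("alice", "db-admin", "TICKET-123 rotate backup key", t0, minutes=30)
    results = {
        "during_window": broker.is_allowed("alice", "db-admin", t0 + timedelta(minutes=10)),
        "other_user": broker.is_allowed("bob", "db-admin", t0 + timedelta(minutes=10)),
        "after_expiry": broker.is_allowed("alice", "db-admin", t0 + timedelta(minutes=31)),
        # An eight-hour "temporary" request is refused: it is standing access by another name.
        "over_cap": broker.request("bob", "db-admin", "standing access please", t0, minutes=480) is None,
    }
    return broker, results


if __name__ == "__main__":
    broker, results = demo_timeline()
    print(results)
    for entry in broker.audit:
        print(*entry)
```

The audit list is the point: because each entry names a real person and a reason, a reviewer can answer "who did what, and why" later. With a shared account the `user` column would be the same for everyone and that question could not be answered.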
Ransomware as a Service: Anyone Can Be a Hacker
If you haven’t heard of "ransomware as a service," get ready. For very little money, you can buy this service. You just run it on the companies you want to target. Honestly, any criminal with a bit of technical know-how can use these platforms. It doesn’t require much skill at all. Anyone watching this could easily do it – though I hope you won’t, because it’s illegal and wrong.
Some of these services are linked to teenage hacking groups, others to nation-states, and some to both. It’s a worrying trend that makes these attacks more accessible than ever.
Fake Profiles and Impersonation: A Growing Threat
We’re also seeing some really sneaky tactics. For example, North Koreans have been caught applying for jobs using fake profiles and even fake face-swap technology. It’s entirely possible for someone to impersonate you online, especially with so much video content available. It’s getting easier and less obvious, which is a big problem.
So, how do we control who has access to our systems? Traditionally, system administrators have had the "golden ticket" – access to everything. But that’s not always necessary. Most of the day-to-day tasks don’t require that level of access. And even when it is needed, permissions can be granted temporarily and then revoked. Tools are available to manage users and access without needing direct logins to every system.
Authenticator Spam: The Weakest Link
Another common tactic targets multi-factor authentication (MFA). If you use Microsoft Authenticator, set it up for number matching: to approve a login you have to type in the two-digit number shown on the sign-in screen, so a prompt you didn’t start can’t be approved just by tapping "okay." Without it, attackers can send endless MFA requests until someone accidentally presses "okay." The journalist in this example knew this and avoided approving. They had to ask their IT department to nuke their account to stop the barrage.
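The following added example (not code from the article or from Microsoft) models the difference number matching makes. A push prompt carries a two-digit number that only the sign-in screen shows; with plain approve, any tap on the phone completes the login, whereas with number matching a tap without the number is rejected. It also shows the detection side: a cap on prompts per minute that suppresses further pushes and raises an alert, which is what stops the barrage without having to disable the account. The user name, timings and flood scenario are constructed.

```python
"""Push-MFA approval: plain "Approve" vs number matching, plus prompt-flood detection.

Added illustration, not code from the article or from any authenticator product.
User names, timings and the flood scenario are constructed. A real service would
also bind the challenge to the enrolled device and verify a signed response.
"""
import secrets
from collections import deque


class PushMfaService:
    def __init__(self, number_matching=True, flood_threshold=5, window_seconds=60):
        self.number_matching = number_matching
        self.flood_threshold = flood_threshold
        self.window_seconds = window_seconds
        self.pending = {}        # challenge_id -> (user, expected number)
        self.prompt_times = {}   # user -> deque of recent prompt timestamps
        self.alerts = []         # what the SOC would see

    def start_login(self, user, now):
        """Issue a push prompt. The two-digit number is shown on the sign-in screen only."""
        times = self.prompt_times.setdefault(user, deque())
        while times and now - times[0] > self.window_seconds:
            times.popleft()
        times.append(now)
        if len(times) > self.flood_threshold:
            # Too many prompts in the window: stop pushing to the phone and alert.
            self.alerts.append((now, user, "possible MFA prompt flood"))
            return None
        challenge_id = secrets.token_hex(8)
        number = secrets.randbelow(100)
        self.pending[challenge_id] = (user, number)
        return challenge_id, number

    def approve(self, challenge_id, typed_number=None):
        """Called when the user taps Approve in the authenticator app."""
        entry = self.pending.pop(challenge_id, None)
        if entry is None:
            return False
        _user, expected = entry
        if not self.number_matching:
            return True                   # any tap approves: the weakness described in the text
        return typed_number == expected   # a tap is useless without the number from the screen


def simulate_accidental_tap(number_matching):
    """Constructed scenario: eight prompts in under a minute; the worn-down user taps
    Approve on each one but has no sign-in screen in front of them, so types no number."""
    svc = PushMfaService(number_matching=number_matching, flood_threshold=5, window_seconds=60)
    outcomes = []
    for i in range(8):
        prompt = svc.start_login("journalist", now=i * 5)
        if prompt is None:
            outcomes.append("suppressed")
            continue
        challenge_id, _number_on_signin_screen = prompt
        outcomes.append("approved" if svc.approve(challenge_id) else "rejected")
    return outcomes, svc.alerts


def legitimate_login():
    """The genuine user reads the number off their own sign-in screen and types it."""
    svc = PushMfaService()
    challenge_id, number = svc.start_login("journalist", now=0)
    return svc.approve(challenge_id, typed_number=number)


if __name__ == "__main__":
    print("plain approve:   ", simulate_accidental_tap(number_matching=False)[0])
    print("number matching: ", simulate_accidental_tap(number_matching=True)[0])
    print("genuine login:   ", legitimate_login())
```

Note the order of defences: without number matching the very first accidental tap succeeds, long before any rate limit triggers, so the flood cap is a detection and nuisance control, not a substitute for number matching.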
Protecting Your Business: Practical Steps
Given these risks, it’s vital to think about how you limit access. This applies not just to your IT team but also to third parties. There are many tools available now:
- Just-in-Time Access: Grant permissions only when needed and for a limited duration.
- Avoid Shared Logins: Each user should have their own unique account.
- Number Matching in Authenticator Apps: Always enable this feature.
- Audit Access Regularly: Keep track of who is accessing what.
- Offline Incident Plan: Have a plan ready in case your systems go down.
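Two of the steps above, "audit access regularly" and "avoid shared logins", can be checked against a sign-in log. The added example below (not code from the article; the log format and every line of `SAMPLE_LOG` are constructed, so adapt the parser to your identity provider's export) builds a who-accessed-what matrix and flags accounts that signed in from several distinct devices within a few minutes, which is what a credential passed around a team looks like.

```python
"""Review a sign-in log for who is accessing what and for accounts that look shared.

Added illustration, not from the article. The log format and all lines in
SAMPLE_LOG are constructed; 203.0.113.7 is a documentation address.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp, account, device, source IP, resource, result
SAMPLE_LOG = """\
2024-01-15T09:00:12Z alice   dev-laptop-17  10.0.1.23   hr-portal      success
2024-01-15T09:01:40Z svc-ops ops-jumpbox    10.0.9.5    prod-db-admin  success
2024-01-15T09:03:05Z svc-ops dev-laptop-42  10.0.1.88   prod-db-admin  success
2024-01-15T09:04:50Z bob     dev-laptop-42  10.0.1.88   git-server     success
2024-01-15T09:06:11Z svc-ops home-pc-3      203.0.113.7 prod-db-admin  success
2024-01-15T13:30:00Z alice   phone-alice    10.0.2.41   hr-portal      success
"""


def parse(log_text):
    """Turn the whitespace-separated constructed format into event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, device, ip, resource, result = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "device": device, "ip": ip,
            "resource": resource, "result": result,
        })
    return events


def access_matrix(events):
    """Who accessed what: account -> sorted list of resources (successful sign-ins only)."""
    matrix = defaultdict(set)
    for e in events:
        if e["result"] == "success":
            matrix[e["user"]].add(e["resource"])
    return {user: sorted(resources) for user, resources in sorted(matrix.items())}


def shared_login_suspects(events, window=timedelta(minutes=10), min_devices=2):
    """Accounts seen on several distinct devices inside one short window.

    One person rarely signs in from three machines in five minutes; a shared
    credential does. Returns account -> sorted device list for each suspect.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    suspects = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        for i, start in enumerate(evs):
            devices = {x["device"] for x in evs[i:] if x["time"] - start["time"] <= window}
            if len(devices) >= min_devices:
                suspects[user] = sorted(devices)
                break
    return suspects


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("access matrix:", access_matrix(events))
    print("shared-login suspects:", shared_login_suspects(events))
```

In the sample, `alice` appears on two devices but four hours apart, so she is not flagged; `svc-ops` hits a production admin role from a jump box, a developer laptop and a home PC within five minutes, which is the pattern to take to the owners of that account.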
By taking these steps, you can significantly reduce the risk of insider threats and protect your business from costly attacks. It’s about being proactive and making it harder for attackers to succeed.