Insider Threats: Breaching The Human Barrier

  • 20 October 2014

By Christopher Hadnagy, posted on 10/20/2014
 
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
Undoubtedly, every InfoSec professional has heard the argument that the perimeter was broken. That was so 1995. The new rage is to break the “human barrier.” You know, those things that run the companies. Increasingly, attackers are using social engineering to target a corporation’s most vulnerable asset: the human. From there attackers hack the systems and completely own the company from the inside out.
A while back, WHMCS, an online banking and bill paying company, was attacked by an outsider with real access credentials pretending to be an insider. It turns out the database administrator for the organization was pretty active on social media. From basic profiling of his public information, attackers were able to garner the answers to his security questions. After a quick phone call and password reset, attackers were able to download 1.1 gigabytes of credit card numbers and subsequently erased the servers just for kicks. A five-minute phone call opened the window of opportunity for a dox, which turned into total ownership.
That is just an outsider acting as an insider. What about an actual insider that has ill intent towards your company?
 
 

1 reply

The problem here can become even more complicated the more security that is put in place. My workplace is really pretty secure... the average employee cannot send email, cannot get to most web pages or social media sites, cannot run any executables. There really is not much they can do to break things other than prying the keys off the keyboard.
 
Those who have more advanced or technical jobs, however, can sit down at the very same computers and have quite a fun time indeed.  My own permission set had to be expanded greatly from the average employee, and so it would have been theoretically possible for me to pretty much get past or break every bit of security on the systems.
 
The more important the employee or their job is, the more likely they will have need of greater access... and thus the greater chance they can really foul things up if they so desired.
