Kaspersky Report: Malicious Insiders Uncommon, But Devastating

By Eric Noonan • August 25, 2016

Security researchers at Kaspersky Labs released their Threat Intelligence Report for the Telecommunications Industry Monday, revealing the top attack vectors against Internet Service Providers (ISPs) and Cellular Service Providers (CSPs). The report found that attackers commonly target employees with blackmail. Surprisingly enough, the report found that there are a number of employees that help voluntarily too. Threat actors have been identifying employees from a combination of publically available and data breach information, while dark web forums are full of employees offering their services in exchange for payment and often aide in the blackmailing process. Hacker-recruiters leverage the employee’s access to exfiltrate sensitive information.

Internet and Cellular Service Providers are not unique; all organizations are susceptible to this blackmail hacking strategy. Disgruntled employees are also commonplace. As the saying goes, “humans are the weakest link in security”, but that does not mean organizations cannot implement compensating controls to reduce the risk of an incident. One effective strategy to reduce the threat-surface of human interactions is to use the least privilege method for employee accounts, and use shared privileged accounts with a mature privileged account management solution.

Hackers blackmail employees for their access to infrastructure, applications, and data, and malicious insiders offer it up to the highest bidder. By stripping unnecessary access to these systems from employees’ personal accounts, companies minimize the risk associated with comprising these credentials; the principal of least privilege. However, there are many cases when employees have a legitimate business need to access at least some privileged accounts. Privileged Account Management solutions like CyberArk allow employees to use shared high-privileged accounts to access the necessary infrastructure, applications and data, all while keeping it secure, monitored and auditable.

Shared accounts alone are not enough; those same malicious insiders could simply provide the credentials of the shared account instead of their own. Some of the strategies that are possible with mature PAM solutions include one-time passwords, temporary access with account workflow, ticket-based approval, disabling account access during off-hours, and forcing access through a privileged session jumpbox. These strategies negate the risk involved from an insider threat by acting as compensating controls; they prevent disgruntled or blackmailed employees from simply sharing privileged credentials at a whim.

Malicious insider threats are on the rise, and with nearly 1 in 2 companies failing to properly enforce privileged credential controls, the chances are high that your company could be vulnerable. Let the privileged account experts at CyberSheath help your organization defend against the most uncertain, unknown and unpredictable, the human threat.

You can learn more about our approach by viewing our Privileged Access Management service.

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.