‘38 per cent of targeted cyber attacks involve firms’ employees’
• International Olympics Committee hit by 800m attacks in Brazil
A new research report from cyber-security specialist Kaspersky Lab revealed that gangs of highly sophisticated cyber-criminals are recruiting people working at various levels in IT, telecommunications firms and service provider companies to become suborned insiders, allowing cyber-attackers to gain access to network and subscriber data.
This comes as the International Olympics Committee recently announced that it was hit with 800 million cyber-attacks during the course of the just-ended Summer Olympics in Rio de Janeiro, Brazil, which was four times the rate endured at the London Games of 2012.
The Kaspersky report showed that 28 per cent of all Distributed Denial of Service (DDoS) attacks and 38 per cent of targeted cyber-attacks involve skilled, knowledgeable and often disaffected, compromised or just plain greedy employees.
Sophisticated the criminal gangs might be, but they are not above the good old criminal stand-bys of threats, intimidation and the use of a bit of blunt force trauma when they consider it necessary. Insider targets that won’t or can’t be bribed are blackmailed into betraying their companies because, irony of ironies, the gangs use compromising personal information they glean from open sources as ammunition to scare employees into compliance.
Unsurprisingly, the report said telecommunications firms and network operators are a prime target of cyber-criminals because they hold what is, quite simply, an unbelievably enormous treasure trove of sensitive data on both customers and the workings and security of the firm and ISP networks themselves.
Kaspersky Lab revealed that the cyber-gangs have a range of tactics and strategies they use to suborn employees of organisations. The first approach is to tempt disenchanted and thus potentially willing workers to betray their employers via hidden ‘underground’ message boards on the dark web or via the intermediary services of crooked ‘middlemen’ recruiters. If that fails, the gangs quickly fall back to the blackmail option – indeed, the report says that for many gangs blackmail is becoming the premier weapon of choice because it is so easy to apply, ensures continuing compliance and costs nothing to enforce.
In the US, the FBI says that after the enormous online data breaches perpetrated by the likes of Edward Snowden and Ashley Madison it is easier than ever for cyber-criminals to gain access to compromising private data that can be used to blackmail telecoms firm and service provider employees. On June 1 this year, the agency even went so far as to issue one of its Public Service Announcements specifically warning of the risk and impact of ‘data-leak related extortion’.
The cyber-gangs also have a hit list of telecoms job titles and responsibilities attached to them. Those most heavily targeted are executives who have direct and fast access to subscriber and corporate data – be that in a fixed line or mobile operator.