Flat wages, layoffs and automation are creating an army of disgruntled workers with ready access to enterprise networks
People respond to incentives. And we have all heard the phrase "everyone has their price." This article may be an example of those concepts. There even seems to be a market for this "service" with want ads on the dark web. Excerpts:
"The souring economy has hackers on the hunt for disgruntled workers open to assisting with cyberattacks through authorized access into their employer’s digital systems.
The workers are typically offered a share of ransomware payoffs or stolen data sales for their services. “The lure of coaxing an employee to betray their allegiance is the holy grail for bad actors,” said Mike McPherson, senior vice president of security operations at cybersecurity firm ReliaQuest."
"hackers are actively combing social media apps for workers who post about layoffs, pay issues and unfair treatment, or those who were recently fired, demoted or passed over for a promotion"
"Roughly 32% of all data-loss incidents at organizations worldwide over the past year involved a malicious insider, up from 20% in 2024"
"malicious-insider attacks tend to be more lucrative"
"As a shortcut to finding willing insiders, some hackers post help-wanted ads across the dark web."
"Another strategy is to scan job seeker qualifications on career-networking sites"
"Another cybercrime strategy is to plant hackers inside an organization to pose as legitimate workers. Last year, an Arizona woman was sentenced to eight years in federal prison for helping North Korean hackers use fake credentials to land remote IT jobs at more than 300 U.S. companies"
"guarding against insider-assisted attacks requires companies to watch for behavioral warning signs, rather than technical indicators. These can include unusual data access patterns, large downloads before a resignation, or the use of unauthorized tools and personal cloud services"
No comments:
Post a Comment