Welcome to our weekly post where I will be sharing some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the Future of Cybersecurity!
You can also subscribe to receive Cyber Intelligence Weekly in your inbox each week.
Away we go!
1. The Newest Ransomware Threat - Your Average Employee
After seeing a number of emails that tried to recruit employees as accomplices in an insider threat scheme, a researcher from Abnormal Security recently responded to the senders' call for volunteers to deploy ransomware inside their own company. The wannabe extortionist offered “a milli dollars for you in BTC” in their ad. Crane Hassold, director of threat intelligence at Abnormal Security, responded to the posting and was alarmed at what he learned. The criminal hackers were trying to recruit him to deploy ransomware to his organization for a cut of the profits. They even sent him legitimate ransomware with very crude instructions on how to deploy it.
While this attempt was not successful, it is alarming to think that criminal organizations are attempting to recruit company insiders with legitimate access. Most organizations try to protect from the outside in but rarely focus on insider threats and what those could look like. This story makes me think of the Fraud Triangle and how all it takes is financial need, perceived opportunity and rationalization for a would-be fraudster to carry out such a deed.
The lesson learned here is to postulate what an internal threat might look like and examine the level of internal controls in place that might prevent or detect these types of actions.
2. FBI Warns Companies to ‘Raise Their Shields’ Against Foreign Coerced Insider Threat
Sticking to the internal threat theme of this week, we share a story from Protocol. In their recent piece they outline a conversation with FBI special agent Nick Shenkin who has been working tirelessly to warn tech companies to be aware of the massive insider threats that are looming large in today’s climate. Special Agent Shenkin and the FBI are trying to educate tech and other companies about how foreign governments persuade and coerce company insiders into stealing information or handing over login credentials to their systems.
This is no doubt a serious issue: it has been estimated that US organizations lose hundreds of billions of dollars a year to intellectual property theft. In fact, here is a listing of hundreds of cases to give you an idea just how bad this issue is. However, many organizations don’t know what to do or where to start to defend against the threat. We could spend quite a bit of time on building an insider risk and threat program, but here are some basic ideas to get started:
- Identify where your sensitive IP is and document who can access it.
- Don’t ignore physical security. Understand who can access sensitive file or storage rooms.
- Understand external stressors that may lead an employee to rationalize their bad actions and look for them.
- Ensure internal access to sensitive data is monitored and watched closely for anomalies.
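One way to put the first and last ideas together is sketched below as an added example that is not part of the original newsletter. It compares an access log against the documented access list and flags days when a user reads far more than on their own other days. The log format, user names, resource names and thresholds are all constructed assumptions.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed access list: who is documented as allowed to read each IP store.
DOCUMENTED_ACCESS = {
    "ip/design-specs": {"alice", "bob"},
    "ip/source-escrow": {"alice"},
}

# Constructed log sample: one row per user, resource and day.
SAMPLE_LOG = """day,user,resource,files_read
2021-08-16,alice,ip/design-specs,12
2021-08-17,alice,ip/design-specs,10
2021-08-18,alice,ip/design-specs,14
2021-08-19,alice,ip/design-specs,11
2021-08-20,alice,ip/design-specs,13
2021-08-16,bob,ip/design-specs,8
2021-08-17,bob,ip/design-specs,9
2021-08-18,bob,ip/design-specs,7
2021-08-19,bob,ip/design-specs,240
2021-08-20,bob,ip/design-specs,8
2021-08-19,carol,ip/source-escrow,3
"""

def load(log_text):
    rows = csv.DictReader(io.StringIO(log_text))
    return [dict(r, files_read=int(r["files_read"])) for r in rows]

def undocumented_access(events, acl):
    """(user, resource) pairs seen in the log but absent from the access list."""
    return sorted({(e["user"], e["resource"]) for e in events
                   if e["user"] not in acl.get(e["resource"], set())})

def volume_anomalies(events, k=5.0, min_history=3):
    """Days where a user read far more than on their own other days (median + k*MAD)."""
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        daily[e["user"]][e["day"]] += e["files_read"]
    flagged = []
    for user, days in daily.items():
        for day, count in days.items():
            history = [c for d, c in days.items() if d != day]
            if len(history) < min_history:
                continue  # too little baseline to judge this user's volume
            med = statistics.median(history)
            mad = statistics.median(abs(c - med) for c in history) or 1.0
            if count > med + k * mad:
                flagged.append((day, user, count))
    return sorted(flagged)
```

The median and MAD baseline is used instead of mean and standard deviation so that a single bulk-read day does not inflate the user's own baseline and hide itself.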
3. BBM Me on My Vulnerable Crackberry
BlackBerry, the former maker of mobile phones that were popular in the early 2000s, is getting called on the carpet for dragging its feet about the disclosure of a major vulnerability in its QNX operating system. BlackBerry, still in business, produces the QNX operating system that is widely used in embedded devices, think IoT devices and industrial equipment. Their website boasts that it helps power more than 195 million vehicles. In addition, BlackBerry is also known for its acquisition of endpoint security software Cylance a number of years ago.
The flaw is related to a Microsoft OS issue that was highlighted back in April of 2021. BlackBerry is being criticized because they have reportedly known about the issue for quite some time but have been slow to highlight and confirm this to their customers.
Critical operating systems that power infrastructure, medical devices, cars and other important equipment need to be subject to more scrutiny. These devices power our daily lives, and critical flaws in their operating systems that allow them to be taken over are frankly unacceptable. If BlackBerry has suppressed this data for some time, they need to be held accountable.
Updates On Previous CIW Stories:
T-Mobile: Where there is smoke, there is a raging inferno
- T-Mobile confirms that it has been breached.
Apple, the CSAM System Hits Keep Rolling In
- The Washington Post penned a publication on how to build a system like Apple’s and recently posted an opinion piece concluding that the technology is dangerous.
- Also, security researchers who reverse engineered and are testing the Apple iOS NeuralHash code (the code that scans and reviews your photos), found a hash collision. Essentially, they found that the system concluded two entirely different photos were the same. This seems like it could be a problem!