• Advertising
  • Disclaimer
  • Copy Right
  • Contact us
  • About us
WTM News
Web Hosting and Linux/Windows VPS in USA, UK and Germany
  • Home
  • entertainment
    • All
    • games
    • movies
    • music
    • sports
    '1899': The creators assure that they are already working on the next seasons and a possible ending

    ‘1899’: The creators assure that they are already working on the next seasons and a possible ending

    Las películas españolas que más esperamos en 2023

    Las películas españolas que más esperamos en 2023

    From 'Appointment in St. Louis' to 'Fifteen Days of Pleasure': 10 Great Christmas Musicals in Film History

    From ‘Appointment in St. Louis’ to ‘Fifteen Days of Pleasure’: 10 Great Christmas Musicals in Film History

    'Dreamland' review, by Jason Momoa on Netflix

    ‘Dreamland’ review, by Jason Momoa on Netflix

    Review, 'Kings vs. Santa': Family Christmas spirit with a thug twist

    Review, ‘Kings vs. Santa’: Family Christmas spirit with a thug twist

    release date, cast, synopsis

    release date, cast, synopsis

  • business
    • All
    • startups
    How to Buy Cryptocurrency

    How to Buy Cryptocurrency

    The first retail site in the Middle East

    The first retail site in the Middle East!

    Submit your projects to duty cope professional freelancers!

    Submit your projects to duty cope professional freelancers!

    bitumen 60/70

    Iran Bitumen

    Study Smart: Tips and Tricks to Ace the GED Test

    Study Smart: Tips and Tricks to Ace the GED Test

    Things to Remember When Taking the GED Math Test

    Things to Remember When Taking the GED Math Test

    DutyCope is the newest freelance platform

    Dutycope is the newest freelance platform

    What plans does NASA have to continue working with Russia?

    What plans does NASA have to continue working with Russia?

    Dutycope, the introduction of one of the best freelance sites

    Dutycope, the introduction of one of the best freelance sites

  • Technology
    • All
    • apps
    • gadget
    • mobile
    profesiones tecnológicas tecnología circular

    Circular technology: this is how it will evolve

    Elon Musk's biographer: "For him, chaos is standard operating procedure" |  Technology

    Elon Musk’s biographer: “For him, chaos is standard operating procedure” | Technology

    Roberto Lopez Familia Martínez

    Interview with Roberto López, Corporate CTO Familia Martínez

    Cloudera Data Platform One

    Cloudera Data Platform One, accessible data analytics

    Cloud services to solve complex IT problems

    SAP deploys the first public cloud project at Cepsa

    appian world data fabric

    Appian joins the Low-Code Data Fabric

    Trending Tags

  • lifestyle
    • All
    • foods
    • health
    • travel
    Body Contouring

    Common Types of Body Contouring Methods

    Cyruscrafts decorative handicrafts

    Iranian Decorative Handicrafts

    3 Days in Dubai – Where to Visit in Dubai

    3 Days in Dubai – Where to Visit in Dubai

    Ata Ghotbi and the road to success

    Ata Ghoutbi and the Road to Success

    5 ways to open frozen pipes without damaging the pipe

    5 ways to open frozen pipes without damaging the pipe

    Why is it better not to use toilet paper?

    Why is it better not to use toilet paper?

    Trending Tags

  • Review
    Review of the first part of the fifth season of the Money Heist series

    Review of the first part of the fifth season of the Money Heist series

    Introduction of Solar Ash game

    Introducing and reviewing the interesting game Solar Ash

    Review Huawei WATCH FIT smartwatch

    Review Huawei WATCH FIT smartwatch

  • Videos
No Result
View All Result
  • Home
  • entertainment
    • All
    • games
    • movies
    • music
    • sports
    '1899': The creators assure that they are already working on the next seasons and a possible ending

    ‘1899’: The creators assure that they are already working on the next seasons and a possible ending

    Las películas españolas que más esperamos en 2023

    Las películas españolas que más esperamos en 2023

    From 'Appointment in St. Louis' to 'Fifteen Days of Pleasure': 10 Great Christmas Musicals in Film History

    From ‘Appointment in St. Louis’ to ‘Fifteen Days of Pleasure’: 10 Great Christmas Musicals in Film History

    'Dreamland' review, by Jason Momoa on Netflix

    ‘Dreamland’ review, by Jason Momoa on Netflix

    Review, 'Kings vs. Santa': Family Christmas spirit with a thug twist

    Review, ‘Kings vs. Santa’: Family Christmas spirit with a thug twist

    release date, cast, synopsis

    release date, cast, synopsis

  • business
    • All
    • startups
    How to Buy Cryptocurrency

    How to Buy Cryptocurrency

    The first retail site in the Middle East

    The first retail site in the Middle East!

    Submit your projects to duty cope professional freelancers!

    Submit your projects to duty cope professional freelancers!

    bitumen 60/70

    Iran Bitumen

    Study Smart: Tips and Tricks to Ace the GED Test

    Study Smart: Tips and Tricks to Ace the GED Test

    Things to Remember When Taking the GED Math Test

    Things to Remember When Taking the GED Math Test

    DutyCope is the newest freelance platform

    Dutycope is the newest freelance platform

    What plans does NASA have to continue working with Russia?

    What plans does NASA have to continue working with Russia?

    Dutycope, the introduction of one of the best freelance sites

    Dutycope, the introduction of one of the best freelance sites

  • Technology
    • All
    • apps
    • gadget
    • mobile
    profesiones tecnológicas tecnología circular

    Circular technology: this is how it will evolve

    Elon Musk's biographer: "For him, chaos is standard operating procedure" |  Technology

    Elon Musk’s biographer: “For him, chaos is standard operating procedure” | Technology

    Roberto Lopez Familia Martínez

    Interview with Roberto López, Corporate CTO Familia Martínez

    Cloudera Data Platform One

    Cloudera Data Platform One, accessible data analytics

    Cloud services to solve complex IT problems

    SAP deploys the first public cloud project at Cepsa

    appian world data fabric

    Appian joins the Low-Code Data Fabric

    Trending Tags

  • lifestyle
    • All
    • foods
    • health
    • travel
    Body Contouring

    Common Types of Body Contouring Methods

    Cyruscrafts decorative handicrafts

    Iranian Decorative Handicrafts

    3 Days in Dubai – Where to Visit in Dubai

    3 Days in Dubai – Where to Visit in Dubai

    Ata Ghotbi and the road to success

    Ata Ghoutbi and the Road to Success

    5 ways to open frozen pipes without damaging the pipe

    5 ways to open frozen pipes without damaging the pipe

    Why is it better not to use toilet paper?

    Why is it better not to use toilet paper?

    Trending Tags

  • Review
    Review of the first part of the fifth season of the Money Heist series

    Review of the first part of the fifth season of the Money Heist series

    Introduction of Solar Ash game

    Introducing and reviewing the interesting game Solar Ash

    Review Huawei WATCH FIT smartwatch

    Review Huawei WATCH FIT smartwatch

  • Videos
No Result
View All Result
WTM News
No Result
View All Result
  • Home
  • entertainment
  • business
  • Technology
  • lifestyle
  • Review
  • Videos
Home Technology

The fashion of cybercriminals: bribery and extortion

News writer by News writer
April 22, 2022
in Technology
7 0
A A
0
ciberdelincuentes, soborno y extorsión a empleados

The fashion of cybercriminals bribery and extortion

153
SHARES
235
VIEWS
Share on FacebookShare on Twitter

The fashion of cybercriminals: bribery and extortion
is the headline of the news that the author of WTM News has collected this article. Stay tuned to WTM News to stay up to date with the latest news on this topic. We ask you to follow us on social networks.

cybercriminals, bribery and extortion of employees

Attacks on company information systems have evolved to become extremely sophisticated. Cybercriminals currently exploit vulnerabilities in applications, equipment configurations or communication network protocols to seize the data or systems of any organization.

In this context, we often read news about the complex mechanisms they use to subvert the behavior of teams and gain control of them. When that happens, we are sure that many people will think about the deep knowledge that these cybercriminals must have, capable of analyzing systems, evaluating their vulnerable points and developing programs and attack models that require sophisticated computer tools.

For this reason, when we discover that bribery or extortion are a common part of the mechanisms used to access the accounts of privileged users and with them the protected data of an organization, that fascination collapses. And it is that social engineering techniques are probably the best tool to violate the security of a company.

cybercriminals, emblematic cases

Those known as internal attacks are probably the most serious threat that is presented in today’s organizations. Through inadvertent errors or intentional actions, a company’s employees represent the access point that can put the entire security of a company at risk.

Techniques such as phishing, vishing or smshing are currently complemented by actions focused on recruiting employees to help infiltrate corporate networks. Some cybercrime groups even offer exorbitant amounts to those employees who are willing to betray their companies.

The examples have been, and are, historically very representative. Just a few years ago, it was discovered that a Tesla employee had been lured into exfiltrating secret company information with the promise of $1 million.

Ultimately, the bribe was unsuccessful because the employee himself reported it, and the offender, a friend and former colleague, was arrested. Similarly, last year, a Ubiquiti employee was accused of extorting the company from him with information he had stolen months earlier. Interestingly, before that, the employee himself had been part of the internal team that investigated the aforementioned incident.

In 2019, LockBit, one of the most active ransomware on the DarkWeb market, offered “business relationships” to employees of various companies to share “profits” if they installed their malware within their organizations.

More recently, the LAPSUS$ cybercrime group disclosed, through its social network accounts, economic offers to employees and former employees of some companies to provide them with access credentials to privileged accounts. In fact, it is believed that many of the “successes” of this group lies precisely in the collaboration of internal employees with their victims.

The “new” trend of cybercriminals: bribery and extortion of employees

the internal threat

It is very likely that companies have focused their attention on the risks that come from the outside, tiptoeing past those threats that arise within the same organization.

Currently, almost half of the cybersecurity incidents that occur in a company involve an internal actor. According to analysis provided by Forrester, the number of cyberattacks through internal actors has grown by more than 8% in 2021. In fact, it is known that large corporations often feel threatened, for example by disgruntled employees. who create false identities on the DarkWeb to offer their services to the highest bidder.

Insider threats are a serious problem for any organization: they are difficult to detect, employees are increasingly technologically savvy to act undetected, they have legitimate access to systems and data, they use remote working tools and, above all, they base much of their security on the assumption of regulatory compliance dictated by the company.

For example, according to a study carried out by MITER and the company DTEX, 56% of data theft arises from employees who leave the company to join the competition; each year the number of incidents related to the leakage of confidential data through screenshots of information shared in videoconferencing systems during teleworking triples; and the number of employees who use corporate computers, with confidential data, for personal matters have multiplied by four.

mitigation plan

Combating this type of threat must therefore become a priority for companies. An effective insider threat mitigation program will be critical to protecting your critical assets and services.

Monitor the behavior of employees to detect those who make illegal use of the resources available to them, assess the level of risk that each employee represents for the company, implement strategies focused on reinforcing the safety of possible victims according to their possible vulnerabilities or involving the employees themselves in the process of detecting, communicating, stopping or mitigating the inappropriate behavior of another employee, are some of the aspects that an Internal Threat Mitigation Plan must cover.

The truth is that there are numerous factors that influence the materialization of an internal threat, including the personal predisposition of the employee, the pressures to which he is subjected (professional, financial, social…), his habitual behavior inside and outside the company or the guidelines for action in the professional tasks entrusted to him. The concept of “burnout” or employee “burned” is a good example of a situation conducive to the successful completion of any of these risks. There is no cybersecurity budget to protect against its possible consequences.

recommendations

The development of a Mitigation Plan for internal threats is a complex task in time and form. Even so, we do not want to miss a set of basic recommendations that can serve as a reference when considering the first steps in the right direction:

  • Principle of the least possible privilege. This is a very simple, yet important step that a company can take to protect itself from these threats: implement an access management model that only assigns privileges to employees for those services and information that are necessary for their assigned function.
  • Monitoring and detection of internal anomalies. Companies often tend to protect their infrastructures with firewall systems, workstation antivirus, operating system version updates, etc. However, they often forget to monitor the traffic within the network. Abnormal behavior on the network is, on many occasions, evidence that shows that something unusual is happening and requires special attention. Sometimes, they are simple accesses to unusual resources, execution of processes after hours, connections of external devices, sending emails to unknown addresses, etc. Any event that breaks with the usual routine of an employee can be analyzed.
  • Network segmentation. Ransomware attacks, for example, tend to spread across the network through lateral movements, so segmenting network access will reduce the risk of spread to other environments within the company’s infrastructure. Well, the same thing happens with employee access: the possibility of accessing departmental subnets by employees who are not related to them can pose a high risk for any company; hence, establishing duly protected segmentations can be a fundamental element to reduce risks.
  • Traceability of actions. The correct identification of users, as well as the recording of their activities, can ultimately allow the origin of a security incident to be identified. The data collected can be analyzed both in real time and for future forensic analysis to determine the possible involvement of an employee in an insider attack.
  • Code of conduct. Every company must define a code of conduct for all employees in the performance of their duties. Establishing protocols for the use of the resources available to employees can mean the difference when it comes to being able to resort, or not, to data collected to be presented in administrative or criminal complaints. The internal communication processes themselves must be confidential and strict disciplinary rules must be defined against those who violate the code of conduct.

Finally, there is a last recommendation that is not always included in a document but that is perhaps more essential and critical: promote an honest and transparent company culture; Get to know your employees and make them aware of their importance for the future of the company. Perhaps this way you will end up knowing your likes and dislikes a little more, and perhaps this way you can help prevent a malicious third party from taking advantage of them.

Author: Juanjo Galán, Business Strategy at All4Sec

Source: revistabyte.es

Tags: briberycybercriminalsextortionfashion
Previous Post

‘Stranger Things 4’ doubles the budget of the final season of ‘Game of Thrones’

Next Post

War in Ukraine: The UN confirms the murder of at least 50 civilians in Bucha | International

News writer

News writer

I try to find the best news for you and publish it on WTM News. Follow my articles to become an up-to-date person!

Related Posts

profesiones tecnológicas tecnología circular
Technology

Circular technology: this is how it will evolve

November 23, 2022
Elon Musk's biographer: "For him, chaos is standard operating procedure" |  Technology
Technology

Elon Musk’s biographer: “For him, chaos is standard operating procedure” | Technology

November 23, 2022
Roberto Lopez Familia Martínez
Technology

Interview with Roberto López, Corporate CTO Familia Martínez

November 23, 2022
Cloudera Data Platform One
Technology

Cloudera Data Platform One, accessible data analytics

November 22, 2022
Cloud services to solve complex IT problems
Technology

SAP deploys the first public cloud project at Cepsa

November 22, 2022
appian world data fabric
Technology

Appian joins the Low-Code Data Fabric

November 22, 2022
Next Post
War in Ukraine: The UN confirms the murder of at least 50 civilians in Bucha |  International

War in Ukraine: The UN confirms the murder of at least 50 civilians in Bucha | International

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Trending
  • Comments
  • Latest
Tesla's new update notifies the driver of tire wear

Tesla’s new update notifies the driver of tire wear

December 16, 2021
'Stranger Things': Jamie Campbell Bower opens up about her secret role for the first time

‘Stranger Things’: Jamie Campbell Bower opens up about her secret role for the first time

May 31, 2022
Time Magazine introduced Elon Musk as the character of 2021!

Time Magazine introduced Elon Musk as the character of 2021!

July 24, 2021
Introduction of Solar Ash game

Introducing and reviewing the interesting game Solar Ash

July 25, 2021
Introduction of Solar Ash game

Introducing and reviewing the interesting game Solar Ash

0
Added the ability to check voice messages before sending to WhatsApp!

Added the ability to check voice messages before sending to WhatsApp!

0
Time Magazine introduced Elon Musk as the character of 2021!

Time Magazine introduced Elon Musk as the character of 2021!

0
Review of the first part of the fifth season of the Money Heist series

Review of the first part of the fifth season of the Money Heist series

0
At least one dead and 19 injured by two explosions at bus stops in Jerusalem |  International

At least one dead and 19 injured by two explosions at bus stops in Jerusalem | International

November 23, 2022
profesiones tecnológicas tecnología circular

Circular technology: this is how it will evolve

November 23, 2022
Elon Musk's biographer: "For him, chaos is standard operating procedure" |  Technology

Elon Musk’s biographer: “For him, chaos is standard operating procedure” | Technology

November 23, 2022
Li Qiang, Xi Jinping's loyal lieutenant |  International

Li Qiang, Xi Jinping’s loyal lieutenant | International

November 23, 2022

Latest News

At least one dead and 19 injured by two explosions at bus stops in Jerusalem |  International

At least one dead and 19 injured by two explosions at bus stops in Jerusalem | International

November 23, 2022
profesiones tecnológicas tecnología circular

Circular technology: this is how it will evolve

November 23, 2022
Elon Musk's biographer: "For him, chaos is standard operating procedure" |  Technology

Elon Musk’s biographer: “For him, chaos is standard operating procedure” | Technology

November 23, 2022
Li Qiang, Xi Jinping's loyal lieutenant |  International

Li Qiang, Xi Jinping’s loyal lieutenant | International

November 23, 2022

Suggest application sites

Weltnachrichten

Nachrichten Star

Dutycope

Freelance sites

Bitrogen

News Pro

Arabic news

Buy sponsor post

WTM News

WTM News is a smart magazine that collects new and important technology news of the world for you from all over the web.
Our goal is to compile the best news so that you can more easily get the latest technology news in the world.

Follow us

News Categories

  • apps
  • business
  • entertainment
  • Environment
  • foods
  • gadget
  • games
  • health
  • lifestyle
  • mobile
  • movies
  • music
  • News
  • Other
  • Review
  • science
  • sports
  • startups
  • Technology
  • travel
  • Videos

Freelancer | Logo design | Hervess | Nachrichten Star | News Pro | Arabic news

Buy sponsor post

latest news

Review of the first part of the fifth season of the Money Heist series

The fifth season of Money Heist series

The points given are based solely on the personal taste of
Introduction of Solar Ash game

Solar Ash game

Score against the average score of this game on the site

WTM NEWS Magazine is just a portal for republishing news in various fields. All news will be placed on the site by mentioning the source. WTM NEWS has no legal responsibility for the accuracy of the news and articles and only reposts the news. © 2022 WTM NEWS

No Result
View All Result
  • Home
  • entertainment
  • business
  • Technology
  • lifestyle
  • Review
  • Videos

WTM NEWS Magazine is just a portal for republishing news in various fields. All news will be placed on the site by mentioning the source. WTM NEWS has no legal responsibility for the accuracy of the news and articles and only reposts the news. © 2022 WTM NEWS

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist