One Article Review

Home - The article:
Source CISCO Talos
Identifier 7060782
Publication date 2022-09-22 07:58:29 (seen: 2022-09-22 13:06:38)
Title Insider Threats: Your employees are being used against you
Text By Nick Biasini.

Insider threats are becoming an increasingly common part of the attack chain, with malicious insiders and unwitting assets playing key roles in incidents over the past year.
Social engineering should be part of any organization's policies and procedures and a key area for user education in 2023 and beyond.
Mitigating these types of risks includes education, user/access control, and ensuring proper processes and procedures are in place when and if employees leave the organization.

Traditionally, attackers try to leverage vulnerabilities to deliver malicious payloads via exploitation. But more recently, that activity has shifted away from exploitation and consistently moved closer and closer to the user. Initially, threat actors loved to trick users into enabling malicious macros in Microsoft Office documents, but as Microsoft moves to blunt the effectiveness of macros, adversaries are always going to move to the next avenue to generate malicious revenue.

This is where insider threats come into play. There are two broad categories of insider threats: the malicious insider and the unwitting asset. Both present unique challenges in detection and prevention for defenders and organizations' IT admins.

Malicious Insiders

There are a variety of reasons a user may choose to become a malicious insider, and unfortunately, many of them are occurring today. Let's start with the most obvious: financial distress. When a user has a lot of debt, selling the ability to infect their employer can be a tempting avenue. We've seen examples of users trying to sell access into their employers' networks for more than a decade, having spotted them on dark web forums. The current climate is, unfortunately, ripe for this type of abuse. The economy is on the brink of a recession, inflation continues to spike, and the cryptocurrency markets have lost as much as 70% of their peak value from late 2021. Combined, these factors can create an environment where employees are susceptible to coercion, putting the enterprise at risk.

Financial distress is a serious concern for employee compromise, as evidenced by the fact that nearly half of the security clearance denials in the U.S. have to do with financial considerations. It is also a common factor in clearances being revoked, clearly demonstrating the risk it can present. This financial distress can also be leveraged by adversaries to force users to take actions they would not have otherwise by threatening to expose the issues publicly.

Financial distress isn't the only factor that could drive an employee to turn against their employer. In today's highly polarized political climate, the risk that an employee may take malicious action against their employer due to a perceived political stance from the employer is ever present. These could be spurred on by the action or inaction organizations take related to a piece of legislation or other societal issues.
Sent Yes
Tags Threat


The article does not appear to have been picked up again after its publication.


The article does not appear to be a repost of an earlier one.