fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ransomware Gangs Increase Efforts to Enlist Insiders for Attacks

Ransomware Gangs Increase Efforts to Enlist Insiders for Attacks

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.

Also Read: The DNC Singapore: Looking At 2 Sides Better

Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.

Percentage of firms approached by RaaS actors
Percentage of firms approached by ransomware actors
Source: Hitachi ID

In most cases, the threat actors used email and social media to contact employees, but 27% of their approach efforts were conducted via phone calls, a direct and brazen means of contact.

As for the money offered to the employees, most received an offer below $500,000, but some proposals were north of a million USD.

Amounts offered to rogue employees
Amounts offered to rogue employees
Source: Hitachi ID

In half of those cases, ransomware gangs attacked the targeted company even without any insider help.

This shows that once a firm is a candidate for a ransomware attack, the rest is just about exploring potential ways to make the infiltration easier and less likely to be detected.

Also Read: 4 Best Practices On How To Use SkillsFuture Credit

An ignored area

As reflected in the findings of the Hitachi ID survey, insider threats are generally ignored, underrated, and not accounted for when developing cybersecurity plans.

When IT executives were questioned about how concerned they are about internal threats, 36% responded with more concern about external threats, with 3% not worried about threats at all.

What IT executives think about insider threats
What IT executives think about insider threats
Source: Hitachi ID

Since last summer, when the LockBit 2.0 ransomware operation openly invited rogue employees to help them gain corporate network access, the awareness around the issue has been raised, but the problem persists.

CISA released a tool that can help companies assess their stance against insider threats in September 2021, warning that the particular trend is rising.

The entities that decided to do something about the issue increased employee training and sent fake emails to employees in critical areas with reports of disgruntled employees or low-performance indicators. However, most haven’t implemented specific security measures to curb the problem.

Ideal timing

The fact that the United States is going through a job quitting surge called the “Great Resignation” raises the chances of success for ransomware actors in these peculiar negotiations.

Today, many companies have employees on the verge of quitting or who have already decided to leave but wait for the right moment, and an unexpected offer involving a large sum of money may be enticing for some.

An increasing number of people feel over-stressed, underpaid, exploited, exhausted, or don’t feel like work is worth their time and energy anymore.

These people may be seen as ideal candidates for ransomware gangs who entice them with a hefty payment to be short-term accomplices.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us