In the evolving cyber security landscape, attacks do not come only from external threats. Insiders, individuals within an organisation who use their privileged access maliciously, are a hidden threat that has emerged as a significant concern. This article explores the murky world of insiders in cyber security, shedding light on a little-known but equally dangerous aspect of the cyber threat.

 

What are insiders?

Cybersecurity insiders are employees, contractors or anyone with internal access to an organisation’s systems and data. Unlike external hackers, these individuals are already inside the digital walls and can leverage their position to carry out internal attacks.

Types of insiders:

  1. Malicious insiders: They act with malicious intent, whether for revenge, personal gain or labour unrest. These individuals may steal data, commit sabotage or engage in other activities that compromise the security of the organisation.
  2. Negligent insiders: While not acting maliciously, negligent insiders can accidentally cause harm. This may include loss of devices, use of weak passwords, or lack of awareness of security practices.

 

Real cases

Malicious insiders: Edward Snowden and the NSA

One of the most notorious cases was that of Edward Snowden, a contractor for the US National Security Agency (NSA). In 2013, he leaked classified documents that revealed mass surveillance programmes. This incident highlighted how an insider with privileged access can expose highly sensitive government activities.

 

Malicious insiders: Aleksey Belan and the theft of Yahoo data

Aleksey Belan, a Russian hacker, collaborated with Russian Federal Security Service (FSB) agents to steal personal information from more than 500 million Yahoo accounts in 2014. Belan, who had previously worked as a consultant for the company, exploited his inside knowledge to carry out this attack.

 

Malicious insiders: The Tesla case and internal sabotage

In 2018, a Tesla engineer named Martin Tripp was accused of internal sabotage. Tripp, disgruntled with the company, leaked confidential vehicle production information and altered internal system code. This case highlights how internal motivations can trigger actions detrimental to company security.

 

The Sony Pictures incident and the internal role

In 2014, Sony Pictures was the victim of a devastating attack that included the leak of confidential emails, financial information and the destruction of data. One of the perpetrators was found to be a former Sony Pictures employee, highlighting how former employees with resentments can become insider threats.

 

Negligent insiders: The USB case

A new form of social engineering involves leaving a USB stick in a public place. The USB stick contains a malicious payload that can execute when someone plugs it into a computer. The payload could be a Trojan, a rootkit or even ransomware, and the consequences could be dire.

This type of attack aims to prey on people’s curiosity (Whose USB is this? What is on it? Will someone get into trouble if it falls into the wrong hands?). If the attacker intends to break into a particular company, they may target that company’s car park or public areas within the company’s premises, such as the lobby, a cafeteria, toilets or other similar places.

A study conducted by Google placed nearly 300 USB sticks around the campus of the University of Illinois Urbana-Champaign to study the behaviour of those who picked them up. 45% of the people who picked up the USB sticks plugged them into a computer.

 

Risk factors

As we have seen in the examples above, most attacks are driven by the following risk factors:

  • Privileged access: Employees with high levels of access represent a higher risk. System administrators, developers and IT staff are potential targets.
  • Lack of awareness: Unfamiliarity with cyber threats and good security practices increases the risk of insiders falling victim to deception.
  • Job dissatisfaction: Disgruntled employees or those who feel unfairly treated may be prone to act maliciously.

 

Cybersecurity insiders represent a real and complex threat. Awareness, training and the implementation of preventative measures are essential to protect organisations against this type of insider threat. By understanding the profile and risk factors associated with insiders, companies can strengthen their defences and stay one step ahead in the ever-challenging battle for cyber security.