Enterprotect

View Original

How Ransomware Recruitment Is Turning Employees Into Accomplices

Modern cyber attacks have become increasingly sophisticated and happening at a higher frequencies than ever before. Threat actors are using advanced tools and methods in order to slip by defenses. However, we are starting to see worrisome trends that aren’t so subtle in their approach.

One of the biggest current trends that’s sure to keep some business owners up at night is cyber criminals recruiting employees to become internal threats. By soliciting their services through social engineering tactics, threat actors are convincing disgruntled employees, or those looking for a windfall, to open the doors providing easy network access. This is something that all businesses need to be aware of, and in this guide, we will reveal key cyber security tips and advice that you can use to combat this new internal threat. 

Are Cyber Criminals Soliciting Your Employees? 

Traditionally, ransomware attacks involve a cyber criminal attempting to infiltrate networks by sending out phishing emails with malicious attachments or fraudulent links. It typically takes just one click to trigger a malware attack and open a gateway into your network. It’s a numbers game with high payoffs once they find their way into your systems.

Now, cyber criminals are attempting to increase their odds using a more selective attack vector. They’re focusing on finding employees that have direct access to the company’s network. The situation becomes even more favourable if said employee is disgruntled or looking for a big payday.

Employee revenge cases aren’t as uncommon as we think, however, it’s the current employees that bad actors are looking to solicit. It may take hundreds of thousands of dollars or even the promise of millions of dollars for an employee to betray their company, but if the amount can be met by a hefty ransom and the “assist” cannot be traced, the question becomes - would an employee say no?

How Ransomware Recruitment Works

As mentioned, cybercriminals are getting more sophisticated, and this involves trying unique approaches to gain access to enterprise computer systems. Ransomware recruitment is something that Abnormal Security has reported to have experienced lately. The company stated that it identified and blocked a number of suspicious emails that were sent to its employees. They believe that these emails came from someone who is associated with the ransomware group DemonWare.

In the emails, the sender tells the recipients they would either be paid 40 percent of the roughly $2.5 million ransom the hacker is looking to bilk from the victim business or $1 million in Bitcoin if they are able to help them deploy ransomware on a company server or computer. It was even noted that the malicious sender provided the recipients with two contact methods if they were interested; a Telegram username and an Outlook email account. 

We shouldn’t be surprised that employees are playing an increasing role in company breaches. In fact, between the years 2018 and 2020, Tessian has reported that there has been a 47 percent increase in the frequency of incidents that involve insider threats. This is why organizations need to acknowledge the risks of an insider attacks.

Defending Against Internal Threats

Staff training is a critical element when it comes to preventing these attacks from happening. This is especially important when it comes to employees that can impact your data environment’s security or has immediate access to your network. 

Internal threats can come from any department including; security personnel who monitor activities and can access your server room, accountants who have access to financial information for your business and your clients, developers who can push code live, remote employees that need access to files and even custodians who have unmonitored building access.

You need to make sure that all employees understand what social engineering attacks look like. If employees can spot an email that looks suspicious, they will know not to respond, preventing any dialogue from taking place so you don’t have to worry about the employee in question being tempted to betray your business.

Control and restrict access to reduce the cybersecurity threat

Not only do you need to provide your employees with sufficient cybersecurity training, but it is highly recommended that controls are in place so that only a limited number of the most trusted employees have access to confidential data.

If there is no reason for an employee to have access to a certain file or network, they shouldn’t have permissions. Access must be restricted so that only those individuals who truly need it have it. This can help to reduce the risk of a social engineering and/or ransomware attack being successful. 

Use a multi-layered security approach

When it comes to defending your business, one security tool or technique is never enough. Organizations should use a multi-layered approach to make it as difficult as possible for your business to be breached.

Effective cyber defenses can significantly reduce the risk of an attack by training employees on what to look for, and also by reducing the amount of exposure to tempting email offers. Pairing up awareness training with email filters is a great way to heighten your defenses against a cyber criminal trying to lure your employees into betrayal. Should unauthorized access occur, round the clock monitoring can alert you of any suspicious behaviours and activity, mitigating the damages of an intruder placing a foothold in your data environment.

From network segregation and advanced firewalls to two-factor authentication and encryption, there are many different ways to increase your cyber security posture. Finding the right combination that meets your organization’s unique needs and budget is highly important.

Ultimately, being mindful that the security landscape is always changing and that attacks are happening to organizations of all sizes is something that must be strongly considered. Staying in the know, refreshing training and defenses on an ongoing basis will surely help to set up best practices when it comes to protecting your business.

Final words on ransomware and insider threats

As you can see, the threat of cyber criminals actively looking to leverage employee solicitation to help them deploy ransomware is a growing concern. However, there are steps that you can take to avoid this from happening to your business.

Educating your employees so that they don’t engage with such individuals is a good place to start. Aside from this, each business should look into adopting a multi-layered security using email filters and restricting permissions so that only the most trusted employees are able to access secure information. 

We can help you defend your business

Are you concerned with insiders posing a threat to your company?

We’re here to help! Talk to a cyber security specialist today and get expert advice, proactive strategies and the right-sized cyber security solutions tailor-fit for you organization. Schedule a FREE cyber security discovery call today.