Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/29/2018
09:35 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

The 6 Worst Insider Attacks of 2018 So Far

Stalkers, fraudsters, saboteurs, and all nature of malicious insiders have put the hurt on some very high-profile employers.
Previous
1 of 7
Next

Image Source: Adobe Stock (Andrea Danti)

Image Source: Adobe Stock (Andrea Danti)

If recent statistics are any indication, enterprise security teams might be greatly underestimating the risk that insider threats pose to their organizations. One study, by Crowd Research Partners, shows just 3% of executives pegged the potential cost of an insider threat at more than $2 million. Yet, according to Ponemon Institute, the average cost of insider threats per year for an organization is more than $8 million.

And those are just the quantifiable risks. When insider attackers hit hardest — particularly malicious insiders who are looking to commit fraud or intentionally do bad — the ramifications can be much more widespread than the typical data breach.

We're just six months into the year, and already we've seen some particularly damaging malicious insider events illustrate this truth. Here are some of the highest-profile incidents, all of which can act as a warning to enterprises to get serious about their monitoring and controls around employee activity.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RetiredUser
100%
0%
RetiredUser,
User Rank: Ninja
7/13/2018 | 9:58:34 AM
Yet Another Healthcare Breach - A Solution Soon?
Nuance is yet another healthcare breach that begs the question: When are Electronic Health Record (EHR) and medical application vendors going to wise up? In the EHR world (and even in the paper record world) de-identified patient data is an important step in the records workflow. Patient health information (PHI) from a medical record is stripped of all direct identifiers that can be used to identify the patient the record belongs to. Here's an idea inspired by that process that might actually work:

1. Any healthcare software vendor that houses patient data would be regulated to do the following:

a. Write into their PHI-housing software a feature that 1) encrypts PHI upon entry to the application, 2) ONLY decrypts the information for viewing and editing within the application based upon Multi-Factor Authentication (MFA) that could include user credentials, network IP signatures and local system certificates, etc. and 3) any attempt to extract the encrypted data outside the application database would results in a useless blob of encrypted information.

2. Any healthcare software vendor who did not execute #1 would be fined and withheld from Federal money until they achieved that task; perhaps incentives could be offered to encourage them, too.

This model is possible and while it took a long time just to move to EHRs, having the EHR and all the other medical software applications saves no money at all if they keep getting breached. The model above would protect PHI even from insider attacks because in order for anyone to read the PHI they would have to have all the required elements, including the application server, app client, local certificates, user logins, IP signatures and so on for the data to decrypt for viewing. Potentially massive PHI data breaches could be a thing of the past with something like this in place.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
7/13/2018 | 8:26:25 AM
Re: Whistleblowing
SUNTRUST had a horrible reputation in the IT field for firing a ton of workers to train Indian replacements and sign non-disclosures.  Theyhave zero respect for IT as it relates to corp and fully deserve what they bought. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/3/2018 | 6:03:06 AM
Whistleblowing
Frankly, given the CEO's penchant for bombast, overstatement, and self-aggrandizement, I'm not entirely sure I personally find the Tesla employee's claims as untrustworthy here.

Moreover, employers tend to find whistleblowing to be just as much sabotage as actual wrench-throwing.

Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31476
PUBLISHED: 2021-06-16
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...
CVE-2021-31477
PUBLISHED: 2021-06-16
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-...
CVE-2021-32690
PUBLISHED: 2021-06-16
Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This...
CVE-2021-32691
PUBLISHED: 2021-06-16
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within th...
CVE-2021-32243
PUBLISHED: 2021-06-16
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).