IT Security Guru

DemonWare ransomware gang attempts to recruit disgruntled employees in insider threat scheme

by The Gurus
August 20, 2021
in Cyber Bites

According to a report by Abnormal Security, on August 12, 2021, its team identified and blocked a number of emails sent to customers soliciting them to become accomplices in an insider threat scheme. The goal was for the recipients to infect their companies’ networks with ransomware. The emails purport to come from someone with ties to the DemonWare ransomware group.

DemonWare, also known as Black Kingdom and DEMON, has been around for a few years. Earlier this year, the ransomware was in the news when an actor tried to use it to exploit the significant Microsoft Exchange vulnerability that was announced in March (CVE-2021-27065).

Here are the reactions of cybersecurity experts who weighed in on this rudimentary but nonetheless concerning tactic.

Tim Erlin, VP of strategy at Tripwire:

“There’s always been a blurry line between cyberattacks and social engineering, and this is an example of how the two are intertwined. As people become better at recognizing and avoiding phishing, it should be no surprise to see attackers adopt new tactics to accomplish their goals.

The idea of a disgruntled insider as a cybersecurity threat isn’t new. As long as organizations require employees, there will always be some insider risk. The promise of getting a share of the ransom might seem attractive, but there’s almost zero guarantee that this kind of complicity will actually be rewarded, and it’s highly likely that someone taking this attacker up on their offer would get caught.”

Roger Grimes, data-driven defense evangelist at KnowBe4:

“This is not the first instance I have heard about employees, disgruntled or not, being paid to place ransomware into their companies. The most famous one was the $1M promised to a Tesla employee. A Russian ransomware spreader was arrested in that case. The big question to ask is, how prevalent is it? Is it just a few here and there or is it more widespread than believed? I do not know the answer, but there have to be some takers. That is why it is always important that ransomware victims try their best to track down how the ransomware got into their environment. It is an important step. If you do not figure out how hackers, malware and ransomware are getting in, you are not going to stop them or their repeated attempts. Fortunately, we know the most common root cause, and it is not disgruntled employees. It is social engineering employees into running trojan horse programs or into providing their login credentials, followed by unpatched software. These two root causes account for likely 90% of all hacker and malware exploitations. You can defeat most social engineering that gets by your technical defenses by using security awareness training and MFA. You can worry about disgruntled employees, but while you are doing that, your loyal employee is getting socially engineered. That is your real problem.”

Niamh Muldoon, Global Data Protection Officer at OneLogin:

“In this case, the attacker attempted to recruit an insider to infiltrate the organisation. However, prior to this, the threat actor utilised LinkedIn to collect target email addresses and leverage social engineering techniques to compromise accounts. This is a prevalent tactic in today’s digital transformation age, requiring individuals to be vigilant about protecting their digital identity and information assets.

Personal assessments of high value and/or high profile individuals need to focus on keeping their clients security aware, implementing clear processes on how to deal with and report phishing, and implementing technical controls to reduce associated risks materializing.

It is important that organisations and individuals know what they have, know where it is, know what it’s worth and determine how to protect it. Think of it from a security perspective first. By this we mean protecting unauthorised access to accounts and your data. Next, think of it from a privacy perspective: what data do we want to share and for what purpose.

To continue to protect digital identity online and reduce risk of account compromise, some key industry best practice actions are:

Key Personnel Actions:

  • Run an audit of the total number of devices and systems managed.
  • Securely dispose of unused and/or old devices.
  • Ensure two-factor authentication is applied on all apps, tools and logins.
  • Set strong/unique passwords, keep them safe and private.
  • Restrict access to others on a need-to-know basis.
  • Disable Bluetooth and GPS whenever possible.
  • Apply the highest privacy settings available.
  • Apply all updates and patches as they become available.
  • Actively manage online presence and social media.
  • Enable monitoring and alerting for all social media and online accounts.
  • Require all account changes be subject to authorization via strong two-factor authentication.
  • Set contact preference for your monitoring and alerting.”