If you think that cybercriminals are only going after the target company’s system then you are wrong.
Now, these attackers have increasingly turned towards the employees to try and establish a foothold in a target company.
A report from Hitachi ID surveying 100 large IT companies in North America. It has been found that ransomware attackers have reached out to insiders for some help.
In that survey, it has been found that there has been a 17% rise in the number of employees who have been offered money to help cybercriminals breach the company network since November 2021.
And between December 7, 2021 and January 4, 2022, 65% of companies confirmed their employees have been approached by attackers.
- Hackers are sending malicious links through Google Docs comments
- Researchers discover a dangerous malware that can survive OS reinstalls
- BEWARE!!! Experts warn of an Android banking malware stealing users’ credentials
- WhatsApp’s new security vulnerability could be exploited by hackers, 2 billion users are at risk
Attackers target insiders for help for their attacks
In the form of cryptocurrency (bitcoin), ransomware attackers have offered the target company’s employees to help them in breaching the company’s system.
Most of the time, the initial contact with employees is done either by social media or email. However, there are times (about 27%), ransomware operators just directly call employees on the phone.
Most of the time, initial contact is done either by social media or email, but in some cases (27%), ransomware operators just call employees on the phone.
Typically, target employees get offered less than $500,000 in Bitcoin for their efforts. However, in some cases, these malicious actors made seven-figure proposals.
Now, that is a lot of money even for employees above the minimum. In fact, half of the targeted employees do take the offer and end up breaching the company’s system.
For Hitachi, if the company is perceived as a ransomware candidate, the method is not that important.
Unfortunately, insider threats are generally ignored, underrated, and the least of the priorities during cybersecurity planning. That is what makes it very dangerous.
A poll regarding internal threats on IT pros prove that just above a third or 36% said they were more concerned about external threats. Meanwhile, 3% said they were not concerned with internal threats at all.
A lesson on looking at your own fence
The sad thing is, just less than half of the employees approached by attackers report it to the authorities. Also, a good 51% feel moderately prepared to stop a ransomware attack, and just 4% consider themselves “most prepared”.
On the other hand, most decision-makers (45%) said that they mostly rely om perimeter defense, and some (6%) exclusively use perimeter defense.
Luckily, most firms (63%) have an insurance policy against ransonware attacks.
Tips on malware-related issues: