Join our panel during Black Hat 2024 – Blurred Lines: Investigating the Convergence of Internal and External Threats



Insider Risk Insights - DTEX Blog
  • Home
  • Blog
  • DTEX Systems
  • 2/11/2019: Dtex, Insider Threat, Privacy News Roundup & Analysis: VPN Usage Can Signal Insider Threats, Spies. Okta Says Enterprise Employees Use Hundreds of Apps, Are They Secure? US Adopts AI Strategy

2/11/2019: Dtex, Insider Threat, Privacy News Roundup & Analysis: VPN Usage Can Signal Insider Threats, Spies. Okta Says Enterprise Employees Use Hundreds of Apps, Are They Secure? US Adopts AI Strategy

Dtex Systems
February 11, 2019

Last week, Australian law enforcement authorities arrested and charged Chinese National Yi “Paulsson” Zheng for illegally downloading and possessing confidential information belonging to his former employer, Australia-based financial services leader AMP. Multiple Australian news sources reported that the insider threat was arrested while he was attempting to board a flight to China and that he pleaded guilty to the charges.

The Australian Associated Press (AAP) reported:

Yi “Paulsson” Zheng was charged with possessing identity information to commit an indictable offence after the breach involving 20 customers’ documents which were sent as a zip file to his personal Gmail address in Sydney in December.

Court documents state he was employed in May 2018 by AMP as a “Support Officer – File Retrieval and Build”.

The 28-year-old Chinese national was required (as part of his job) to access and compile the digital documents of up to four customers a day before forwarding them to an AMP financial adviser for further review.

This classic insider threat case demonstrates that malicious actors can be caught and stopped in time. By all accounts, Zheng was neutralized before any real damage was inflicted on AMP or its customers. How’d AMP do it?

Several security layers should be credited, including human expertise. Law enforcement and court documents also made it clear that the Dtex Advanced Enterprise DMAP Intelligence Platform played a key role in detecting Zheng. According to the AAP:

Police facts state Zheng was busted when a software program called Dtex – that records user behaviour and interactions on work devices – tracked him trying to install the dark web browser TOR onto his work laptop.

In today’s modern technology environment, employees, contractors and other third parties who have been granted access to networks are keenly aware of how easy it is to download and use applications such as TOR. Unfortunately, the bad guys and girls have also figured out that TOR and other VPNs can be used to hide tracks. Organizations need the ability to detect when these tools are being used for nefarious reasons, which is exactly what Dtex provided in this case. Read more news about the incident and how Dtex can help:

Ex-AMP contractor guilty of identity theft, by AAP

Chinese contractor for Australia’s AMP charged with stealing customer data, by Reuters

Former AMP IT contractor pleads guilty to stealing data, by ITnews

10 Reasons Why Organizations Deploy Dtex

TOR and VPNs aren’t the only cloud applications employees are using. According to the annual Okta Business @ Work report, app use is skyrocketing. Angus Loten of The Wall Street Journal wrote:

The number of software apps deployed by large firms across all industries world-wide has increased 68% over the past four years, reaching an average of 129 apps per company by the end of 2018, according to an analysis by Okta Inc.

Nearly 10% of businesses now have more than 200 apps in their enterprise information-technology systems, the San Francisco-based identity-management firm said in a report Thursday. The report defines large firms as having more than 2,000 employees and small firms as having fewer than 2,000.

This news and Okta’s report should encourage every organization to evaluate whether or not it has the ability to see what’s happening in its IT environment. Enterprises and government agencies need to know when, how and why employees are using apps, especially when it comes to accessing and sharing data.

Underrated, Underhyped, Overly Important

Today, an extremely important news story published. Last week, a hugely important news event took place. The news story revealed that the biggest cybersecurity headlines aren’t always relevant to the most critical and important realities of the modern threat landscape. The event showed that the most critical and important realities of the modern threat landscape aren’t always given the attention they deserve.

The story: Google’s head of internet security says businesses should ignore cyber scare tactics and learn from history, by Kate Fazzini, CNBC. According to Kate:

There are a lot of scary cybersecurity headlines, and many shiny new solutions from vendors that promise to address those threats.

Ignore them and look at history instead. That’s the advice of Google’s Heather Adkins, who has served for 16 years as the head of information security and privacy at the tech giant.

The event: Letter from Senators’ Marco Rubio and Ron Wyden to DHS’ Cybersecurity and Infrastructure Security Agency (CISA) citing their concern over government employee VPN usage. According to the senators:

In light of these concerns (foreign owned and operated VPNs), we urge you to conduct a threat assessment on the national security risk associated with the continued use by U.S. government employees of VPNs, mobile data proxies, and other similar apps that are vulnerable to foreign government surveillance. If you determine that these services pose a threat to U.S. national security, we further request that you issue a Binding Operational Directive prohibiting their use on federal government smartphones and computers.

Government employees are downloading applications from the internet that are opening backdoors to foreign spies. Despite this news story having been covered in the past, as is the case with most cyber stories today, make no mistake, this is actually a big deal, despite the reserved level of attention it is getting. There were a few stories worth reading:

InfoSecurity Magazine: Senators Urge Security Audit of Foreign VPNs, by Phil Muncaster

Cyberscoop: Foreign VPN apps need a close look from DHS, senators say, by Sean Lyngaas

PC Magazine: US Senators Demand Probe of Foreign VPNs Over Spying Risk, by Michael Kan

Dtex: Insider Threat Analyst Files 2/8/2019: VPN, A Double-Edged Sword? Analysis of US Sens. Rubio and Wyden VPN National Security Warning

Do you know when you when the people you’ve let into your network are downloading and using VPNs?

Of Note

Trump has a plan to keep America first in artificial intelligence, according to Will Knight of MIT Technology Review. Writes Will:

Artificial intelligence may have been invented in the United States, but other nations, including China, Canada, and France, have made bigger moves to back and benefit from the technology in recent years.

President Donald Trump will seek to change that Monday by signing an executive order that launches the US government’s own AI play.

AI has made its way into the public and private sector in more ways than one. It’s being integrated into technologies at a furious pace. It is becoming so seemingly ubiquitous that it’s less and less of a differentiator. Nonetheless, the benefits AI and machine learning provide and the value it adds to insider threat detection are evident. This hasn’t gone lost on Dtex. To learn about how we use machine learning and AI in our platform, read: How Dtex Utilizes Machine Learning