Australian Government IT Worker Runs Illegal Cryptomining Operation at Work; Cloud Migration Brings Increased Insider Threat Risk
An Australian government IT contractor has been arrested on suspicion of making thousands from an illegal cryptocurrency mining operation at work.
The 33-year-old New South Wales man appeared in court after allegedly earning AU$9000 ($6188) by “modifying his agency’s computer systems,” according to the Australian Federal Police (AFP).
At Sydney Local Court, he was charged with unauthorized modification of data to cause impairment, and unauthorized modification of restricted data, contrary to the Criminal Code Act 1995.
In the recent Threatbusters: Bitglass’ 2019 Insider Threat Report, the cloud access security broker (CASB) company found that 68% of 437 IT professionals surveyed considered their organizations to be moderately to extremely vulnerable to insider threats.
A key factor? Migrating some or all of their applications, storage and workloads to the cloud – which is a reality or a near-term goal for the large majority of organizations. And there are good reasons for that. The cloud is now a mature, reliable technology that involves the mega-players—Amazon, Cisco, Microsoft and others. It saves money—storage is easier and less expensive, it is scalable without breaking the budget, it lets organizations do more with less downtime, cost and loss, and it reduces infrastructure overhead.
But all that comes with risk… The list of possible vulnerabilities that are common to both on-premises and cloud environments is well known but worth repeating. It includes weak identity, credential, and access management; insecure APIs; insufficient due diligence; lack of encryption; and yes, malicious/clueless insiders. All of which should be yet another of the proverbial wake-up calls for organizations to improve their security initiatives for both the cloud and insider threats.
According to the survey, 41% of respondents said cloud migration makes insider attacks harder to detect and defend if organizations don’t have tools for monitoring “abnormal user behavior across their cloud footprints.”
Each year, companies wisely invest in advanced perimeter security devices and software to secure their electronic data and thwart cyber attacks. Unfortunately, despite that well-reasoned approach, the greatest threat to data security may be someone within the organization’s own walls.
An April 23, 2019 privacy notification by the FBI stated that U.S. businesses are reporting a significantly increased amount of data loss as a result of insider threat actors.
What can a company do to best protect itself from cyber insider threats? The first and most critical step is to implement and maintain a mature approach to access management across the organization. Companies should design and implement proven access controls to protect internal resources, in addition to data retention and media disposal policies. Administrative accounts on the network should be audited on a regular basis, especially before or after major hiring events involving high-level IT staff or management executives.
Monitoring activity in order to identify potentially suspicious acts is often the biggest differentiator between successful and unsuccessful security approaches. Unusually large file downloads or uploads to cloud sites, and remote connection sessions well outside typical working hours, can be key signs of potential malfeasance; implementing tools that trigger alerts on such events is therefore essential.
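The two paragraphs above describe the controls in the abstract. The following script, an added illustration that is not part of the original article and not a product of any vendor named in it, shows what the monitoring step looks like in practice: it parses a small set of constructed activity-log lines and raises alerts for transfers to cloud sites above a size threshold and for remote logins outside working hours. The log format, the 500 MiB threshold and the 07:00-19:00 working window are assumptions chosen for the example; real deployments tune these per user group and environment.

```python
"""Flag large cloud transfers and off-hours remote sessions in activity logs.

Added example, not from the original article. The log format, thresholds and
working hours below are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List

# Constructed sample log (assumed format): timestamp | user | event | key=value ...
SAMPLE_LOG = """\
2019-04-23T09:12:04 | alice | cloud_upload   | bytes=15000000 dest=files.example-cloud.test
2019-04-23T22:47:31 | bob   | remote_login   | src=203.0.113.7 proto=rdp
2019-04-23T13:05:12 | carol | cloud_upload   | bytes=2300000000 dest=share.example-cloud.test
2019-04-23T14:30:00 | dave  | remote_login   | src=198.51.100.20 proto=vpn
2019-04-24T03:15:44 | carol | cloud_download | bytes=900000000 dest=share.example-cloud.test
"""

LARGE_TRANSFER_BYTES = 500 * 1024 * 1024  # assumed threshold: 500 MiB per event
WORK_START = time(7, 0)                    # assumed working hours: 07:00 to 19:00
WORK_END = time(19, 0)
TRANSFER_EVENTS = ("cloud_upload", "cloud_download")


@dataclass
class Event:
    ts: datetime
    user: str
    kind: str
    fields: Dict[str, str]


@dataclass
class Alert:
    ts: datetime
    user: str
    reason: str


def parse_line(line: str) -> Event:
    """Split one pipe-delimited log line into an Event with key=value fields."""
    ts_s, user, kind, detail = [part.strip() for part in line.split("|", 3)]
    fields: Dict[str, str] = {}
    for token in detail.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return Event(datetime.fromisoformat(ts_s), user, kind, fields)


def parse_log(text: str) -> List[Event]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def is_off_hours(ts: datetime) -> bool:
    """True when the timestamp falls outside the assumed working window."""
    t = ts.time()
    return t < WORK_START or t >= WORK_END


def detect(events: List[Event]) -> List[Alert]:
    """Apply the two rules from the text: large cloud transfers, off-hours remote logins."""
    alerts: List[Alert] = []
    for ev in events:
        if ev.kind in TRANSFER_EVENTS:
            size = int(ev.fields.get("bytes", "0"))
            if size >= LARGE_TRANSFER_BYTES:
                when = " off-hours" if is_off_hours(ev.ts) else ""
                alerts.append(Alert(ev.ts, ev.user,
                                    f"large{when} {ev.kind} of {size} bytes to "
                                    f"{ev.fields.get('dest', '?')}"))
        elif ev.kind == "remote_login" and is_off_hours(ev.ts):
            alerts.append(Alert(ev.ts, ev.user,
                                f"off-hours remote login via {ev.fields.get('proto', '?')} "
                                f"from {ev.fields.get('src', '?')}"))
    return alerts


def alerts_per_user(alerts: List[Alert]) -> Dict[str, int]:
    """Count alerts by user so repeat offenders stand out for review."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.user] = counts.get(a.user, 0) + 1
    return counts


if __name__ == "__main__":
    found = detect(parse_log(SAMPLE_LOG))
    for a in found:
        print(f"{a.ts.isoformat()} {a.user}: {a.reason}")
    print(alerts_per_user(found))
```

Run against the constructed log, the script flags bob's 22:47 RDP login, carol's 2.3 GB upload, and carol's 900 MB download at 03:15 (the last one tagged as both large and off-hours), while alice's small daytime upload and dave's daytime VPN session pass silently. The per-user tally is the kind of output an analyst would feed into a review of the administrative accounts mentioned above.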
Two security professionals, with over 30 years of combined experience in cyber security in commercial and government environments, share their guidance on how companies can deal with bad actors within their organization.
RL: Insider threats can manifest themselves in several different ways, each carrying its own set of causal factors. These factors can range from disgruntled employees stealing physical company property to adversarial nation states directing collaborative insiders to exfiltrate corporate secrets. The problem has worsened with the evolution of technology making sensitive corporate data more accessible, widening exfil vectors and enabling relative digital anonymity with baseline knowledge of operational security. On the flip side, technology is also evolving to better detect and/or defeat such threats.
VC: The problem seems to ebb and flow with the economy, but definitely seems to be worsening as technology makes the movement of data easier than ever.