
Insider Threat Level February 2019: Nation-State Attacks Edition


The Insider Threat Level is here to keep you updated on the latest examples of security best practices, incidents, and trends, so that you’re better prepared for what comes your way.

This week, our feature story looks at the recent discovery that the Equifax data breach that happened about a year and a half ago may be worse even than it seemed at the time…

When the attack first hit the headlines, it was shocking for its sheer volume, and many consumers rushed to take action and protect their credit-related information. Pretty much everyone assumed that financial fraud was the ultimate goal of the attack.

The Equifax hack is now believed by experts to have been perpetrated by a nation-state for the purpose of identifying and/or recruiting spies in the U.S.

The Equifax Hack Isn’t What It Seems

The data that was stolen during the Equifax data breach has, in essence, vanished into thin air. This is not what typically happens when financially valuable consumer information is stolen; usually it resurfaces on the Dark Web for sale or is used to commit fraud at scale. When many months had passed without either of these likely outcomes coming to pass, experts began to develop a theory, which was revealed in this recent CNBC article: that a nation-state (likely China or Russia) had stolen the data in order to identify people in a troubled financial situation who might be susceptible to spy recruitment.

Hot Take

There’s not a lot to be done about the data now that it’s gone, and it would be pretty hard for organisations to proactively figure out which of their own insiders might be vulnerable to recruitment. Instead, the key is a proactive approach to visibility. The lack of visibility many security teams have into insiders’ actions today poses a massive security risk to organisations. With the Equifax breach’s true implications becoming increasingly clear, it’s never been more important to understand what actions users are taking related to sensitive corporate data and systems.

In particular, organisations should aim to gain visibility into user activities related to:

  • Unauthorised cloud storage or large file-sending sites
  • Disposable or temporary email clients
  • USB storage devices and other removable media
  • Copy/paste and cut/copy operations, and large print jobs

These are just a few examples of user activities that, when put into context with the specific types of data in play and other factors, can shed valuable light on an insider threat in progress, including a potential spy among your employees...

It may sound like something out of a movie, but given the likelihood that we will see some major spy-recruitment efforts take place over the coming years, any business that stores or handles sensitive data should have a comprehensive insider threat program in place to gain full visibility into exactly how their insiders are using that data.

What Else is Happening

DOJ Charges Intelligence Officer with Aiding and Abetting Iran

Source: Nextgov

The Justice Department recently charged a former U.S. counterintelligence official with espionage. Monica Witt, who was an Air Force officer and intelligence contractor, is accused of disclosing classified national security information to the government of Iran. The department also indicted four Iranian hackers for launching cyberattacks against Witt’s former government colleagues. Apparently, the stolen information included the details of a Defense Department Special Access Program, an elevated security classification designed to protect highly sensitive government projects.

Australian Parliament Hacked, Likely by Another Nation-State

Source: New York Times

The Australian Parliament revealed that hackers attempted to break into its computer network, which includes lawmakers’ email archives. While there has so far been no indication of stolen data, it is likely that the culprit was a nation-state (speculation includes China), and the parliament rapidly took action to protect sensitive governmental information.

Senator & Cyber Diplomat Warn Against Giving China Free Rein with 5G

Sources: CNET and Washington Post

These two stories and the media coverage around them indicate that the emerging 5G technology for mobile networking will likely present a variety of security challenges. In particular, experts (and government officials such as U.S. Senator Maria Cantwell) believe the U.S. must implement a strategy to protect 5G technology from hackers and state-sponsored attacks.

Relatedly, the United States’ leading cyber diplomat, Rob Strayer, warned that permitting Huawei and other Chinese companies to access 5G networks could allow Beijing to significantly expand its surveillance program around the world.

What You Might Have Missed

Last month, we took a look at the entire year behind us and summed up some important security-related learnings from 2018 that we should all take with us into 2019. Check out our Insider Threat Level: 2018 in Review if you haven’t had a chance.