Home » Research | IT vs OT | When Facing The Insider Threat | What Happend | Free Software vs Open Source | ask me |
What becomes more and more important is to know the starting point of an attack.
Insider threats are dangerous. Because often times these attackers know how the system is configured and know its weaknesses.
In insider threat is defined as an attack perpetrated by an user OR malicious code that is already is inside the defended perimeter of a system OR organization.
Social engineering attacks take place on two levels: the physical and the psychological. First, we'll focus on the physical setting for these attacks: the workplace, the phone, your trash, and even on-line. In the workplace, the hacker can simply walk in the door, like in the movies, and pretend to be a maintenance worker or consultant who has access to the organization. Then the intruder struts through the office until he or she finds a few passwords lying around and emerges from the building with ample information to exploit the network from home later that night. Another technique to gain authentication information is to just stand there and watch an oblivious employee type in his password.
Other guises used by social engineers are to pose as a computer aide or helper, and try to gain information as you fix the computer. This technique, however, relies on the assumption that there is something wrong with the computer system. By posing as a helper, the legitimate user will be less suspicious and more willing to answer your inquisitive questions. Another form for the attacker to take is that of a system operator for the network itself. The potential hacker will pretend that an error in all the accounts has been made, and the he needs to reset the accounts. In order to do that, he needs the old passwords of the users. If the employee is naive enough, he or she will divulge the information, thinking that they are doing their company a service. Although there are many other methods and techniques, these previous examples account for most recorded incidents of social engineers.
Many stories are published on the internet when it comes to the subject of insider threat, social engineering, dumpster diving and spear phishing. However, insider attacks are far more difficult to detect and prevent than external cyber attacks. Insider threat has become more cunning, high skilled and sophisticated. The knowledge that malicious attackers gain and the self-esteem boost that comes from successful hacking might become an addiction and a way of life. There are also studies found that there is a link between cybercrime and autism.
Although many attacks or bugs goes unnoticed or unreported, insiders who are discovered are often not pursued or prosecuted. When they’re caught, hackers often rationalize their services as being altruistic and a benefit to society: They’re merely pointing out vulnerabilities before someone else does. Regardless, if hackers are caught and prosecuted, the “fame and glory” reward system that hackers thrive on is threatened.
The same goes for insiders. Typically, their internal activities operating within the Industrial environment goes unnoticed, but if they’re caught, the security breach may be kept hush-hush in the name of shareholder value or not wanting to ruffle any customer or business partner feathers. However, information security and privacy laws and regulations are changing this because in most situations breach notification is required. Sometimes, the person is fired or asked to resign. Although public cases of internal breaches are becoming more common (usually through breach disclosure laws), these cases don’t give a full picture of what’s really taking place in the average organization.
Hackers like insiders can compromise a seemingly unimportant system to access the network and use it as a launching pad for attacks on other systems, and many people would be none the wiser because they don’t have the proper controls to prevent and detect malicious use.
Many business owners and managers — even some network and security administrators — believe that they don’t have anything that a hacker wants or that hackers can’t do much damage if they break in. They’re sorely mistaken. This dismissive kind of thinking helps support the bad guys or the adversary and promote their objectives.
There is also a big difference between the IT and OT departments within companies. Also mentioned is that even when the ICS security awareness is present the implementation could be a problem. The main reason for this is that most companies are willing to reserve budgets for implementation of ICS Security.
Also at the start of a project, security is often not taking into the plan. Security by design is not a common approach when starting a project so security is added after the project is already in an advanced stage. Like Security Matters mentioned: awareness, assessment, define policy and implementation.
To be continued
According to Methods of Hacking: Social Engineering, a paper by Rick Nelson, the three parts of reverse social engineering attacks are sabotage, advertising, and assisting. The hacker sabotages a network, causing a problem arise. That hacker then advertises that he is the appropriate contact to fix the problem, and then, when he comes to fix the network problem, he requests certain bits of information from the employees and gets what he really came for. They never know it was a hacker, because their network problem goes away and everyone is happy.
» How it is when facing the insider » The hacker speaks on YouTube by Priscilla
» Insider threat involving the Dutch Recycling and Machinery Industry | 21 may 2018 | Part 1 by Priscilla
» Insider threat involving the Dutch Airline Industry | 18 april 2020 | Part 1 by Priscilla
» Richard Stallman Talks About Ubuntu » Ubuntu The Spyware | 2012 - 2017 | modified by Priscilla
How to install proprietary closed software in Ubuntu by Priscilla
But then you really begin to feel you know that person too and that challenges the missing story on this blog.