Loyal Employees are being socially engineered, too.
Picture this scenario.
William is an intelligent, up-and-coming 32-year-old IT technician. For the past three years, he’s overseen the organization’s migration to the cloud. Even though he’s passionate about IT, he’s become increasingly frustrated with the leadership. He doesn’t trust their vision for the company, plus he feels he’s underpaid and undervalued.
One day the vice president lashes out at him in front of the entire team for something that wasn’t even his fault. He decides ‘enough is enough’ and begins polishing his resume. He starts skimming job boards, updates his LinkedIn profile, and sends a few feeler messages to his network notifying them that he’s looking for a new job.
Then, out of the blue, he receives the following email message:
William, are you interested in making some money before you leave the company? If so, all I need you to do is install a file on your company server. We will lock up their files and request a $400,000 ransomware fee. To compensate you for your efforts, we will pay you 40% of whatever we receive in BTC. Let me know if you are interested.
This is a Real Threat
The scary thing is this: there are ransomware groups acting out this very scenario all over the globe. And, while multi-million-dollar ransomware payments are dominating the headlines, the biggest financial losses tied to cybercrime each year stem from social engineering tactics just like this. These are called Business Email Compromise (BEC) or CEO Scams (where cybercriminals impersonate the organization’s CEO), and according to the latest figures released by the FBI, the reported loss from these threats increased to $1.86 billion in 2020.
The concept of a disgruntled (or not) employee as a cybersecurity threat isn’t new. In April 2020, a Tesla employee was approached by a member of a Russian ransomware gang who offered the employee $1 million to install malware on the Tesla network. Luckily for Tesla, the employee rejected the offer and instead alerted his employer, which in turn alerted the FBI. The Russian citizen, Egor Igorevich Kriuchkov, was arrested in Los Angeles as he was trying to flee the country.
How do cybercriminals find their targets?
Cybercrime is a business, and often the perpetrating criminals mirror the practices of legitimate organizations to find, profile, and connect with targets they view as high value. Social media platforms such as LinkedIn and Facebook are goldmines for cybercriminals, especially when most users overshare everything. In the example above, the bad actor most likely identified his targets on LinkedIn based on their job title (CIO, Systems Engineer) and industry (healthcare). Then, they probably wrote a script sending notifications when these profiles are updated (e.g., looking for a new job) and the rest is history.
Protecting Your Business from Profiling and Social Media Engineering
Data has replaced oil as the world’s most valuable commodity. When you consider that the entire business model of social media revolves around collecting data to sell on to advertisers, it’s easy to understand how advantageous social media is for cybercriminals. Here are some ways we recommend protecting your business from these types of attacks.
- Ensure two-factor authentication is applied on all apps, tools, and logins.
- Educate your employees about the latest cybersecurity trends and threats and to be mindful about what they post on their own social media accounts. Cybersecurity training is an effective tool, and there are several vendors who offer this. We utilize KnowBe4, is a reputable vendor who offers engaging training sessions at affordable rates.
- Inform your employees about the responsible use of social media. Let them know that this is not only for the organization’s sake, but for theirs as well.
- Ensure that your organization has an offboarding plan that revokes access to any employee leaving the company.
Even though disgruntled employees are something to be mindful of, keep in mind loyal employees also experience these types of socially engineered tactics on a regular basis. Our best advice is to continuously train your employees about the threats that exist and how to respond to potential incidents.