Loyal Employees are being socially engineered, too.

Translation

William, are you interested in making some money before you leave the company? If so, all I need you to do is install a file on your company server. We will lock up their files and request a $400,000 ransomware fee. To compensate you for your efforts, we will pay you 40% of whatever we receive in BTC. Let me know if you are interested.

This is a Real Threat

The scary thing is this: there are ransomware groups acting out this very scenario all over the globe.  And, while multi-million-dollar ransomware payments are dominating the headlines, the biggest financial losses tied to cybercrime each year stem from social engineering tactics just like this. These are called Business Email Compromise (BEC) or CEO Scams (where cybercriminals impersonate the organization’s CEO), and according to the latest figures released by the FBI, the reported loss from these threats increased to $1.86 billion in 2020.

The concept of a disgruntled (or not) employee as a cybersecurity threat isn’t new. In April 2020, a Tesla employee was approached by a member of a Russian ransomware gang who offered the employee $1 million to install malware on the Tesla network. Luckily for Tesla, the employee rejected the offer and instead alerted his employer, which in turn alerted the FBI. The Russian citizen, Egor Igorevich Kriuchkov, was arrested in Los Angeles as he was trying to flee the country.

How do cybercriminals find their targets?

Cybercrime is a business, and often the perpetrating criminals mirror the practices of legitimate organizations to find, profile, and connect with targets they view as high value. Social media platforms such as LinkedIn and Facebook are goldmines for cybercriminals, especially when most users overshare everything. In the example above, the bad actor most likely identified his targets on LinkedIn based on their job title (CIO, Systems Engineer) and industry (healthcare). Then, they probably wrote a script sending notifications when these profiles are updated (e.g., looking for a new job) and the rest is history.

Protecting Your Business from Profiling and Social Media Engineering

Data has replaced oil as the world’s most valuable commodity. When you consider that the entire business model of social media revolves around collecting data to sell on to advertisers, it’s easy to understand how advantageous social media is for cybercriminals. Here are some ways we recommend protecting your business from these types of attacks.

• Ensure two-factor authentication is applied on all apps, tools, and logins.
• Educate your employees about the latest cybersecurity trends and threats and to be mindful about what they post on their own social media accounts. Cybersecurity training is an effective tool, and there are several vendors who offer this. We utilize KnowBe4, is a reputable vendor who offers engaging training sessions at affordable rates.
• Inform your employees about the responsible use of social media. Let them know that this is not only for the organization’s sake, but for theirs as well.
• Ensure that your organization has an offboarding plan that revokes access to any employee leaving the company.

Final Thoughts

Even though disgruntled employees are something to be mindful of, keep in mind loyal employees also experience these types of socially engineered tactics on a regular basis. Our best advice is to continuously train your employees about the threats that exist and how to respond to potential incidents.