Criminals recruit employees to hijack data

Criminals are offering profits of up to 40% on Bitcoin to disgruntled employees who help carry out virus attacks against their own companies. With public awareness of digital hijackings (ransomware) increasing, security systems and users themselves are already being conditioned to more easily identify coup attempts, causing attackers to resort to new methods in order to carry out the offensive .

According to research carried out by security company Abnormal Security and published by Kaspersky, in order to carry out digital hijackings, the new method being used is to convince employees to sabotage their own workplaces. This has been happening ever since, but now attacks have increased, as have approaches, amounts and acting surfaces.

The proposals, usually disclosed in massively sent messages (the famous spam), even offer training to activate the ransomware attack. In certain cases, criminals can offer up to 40% of the profit of the invasion to the collaborator, with the payment amount in the example cited in the research reaching US$ 1 million (R$ 5.4 million at the current price) in Bitcoin.

Want to catch up on the best tech news of the day? Access and subscribe to our new youtube channel, Canaltech News. Everyday a summary of the main news from the tech world for you!

Sample message with offer for employees (Image: Disclosure/Abnormal Security)

The case used for Kaspersky’s research originated in Nigeria, where a criminal sent a message to senior executives. The proposal came after attackers realized that cybersecurity schemes were too strong for conventional approaches.

However, this offensive was easily identified due to the bad guy’s option of trying to use DemonWare, unsophisticated ransomware that already has the unlock code publicly available on the internet — and this also showed a certain amateurism on the part of the responsible for the seductive offer.

Security Tips

Kaspersky, seeking to elucidate the public about the series of dangers of digital kidnappings and how to protect themselves, released along with the research three basic security tips against this type of attack:

Use Least Access Privilege strategy; Keep records of attempts to access the organization’s network and servers; Revoke rights and change passwords when employees are fired; Install up-to-date security solutions on each server that can combat today’s malware.

Source: Karpersky, Abnormal Security

Did you like this article?

Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.

Related Articles

Back to top button