Remember Mally the Bear? The malicious code teddy? Well, it appears that he has been retired, in favour of hard cash. Or Bitcoin to be more precise.
Those cyber criminals have decided that softening us by sending a bear through the post is not going to cut it. However, it remains the case that the easiest way into a company’s network is from the inside, and as we cuddled the bears but didn’t take the bait and install the USBs, the attackers have decided to go straight to buying us off.
Is everybody happy with their job? Over the moon to be working for such a great organisation? Respectful of their wonderful boss? Er, no. We aren’t in a position to tell you what percentage of employees love their work, but the cyber criminals are banking on the fact that a great many of us do not and can therefore be bought out.
A report from Hitachi ID has disclosed that there has been a big rise in the number of employees who have been offered money, usually in the form of cryptocurrency (bitcoin), to help ransomware operators breach the company’s networks.
65% of companies surveyed confirmed that their employees had been approached.
The cyber criminals are offering money to employees in return for those workers granting access to the company’s networks and computers – as simple as ‘click allow’ and in they rush.
What makes this form of scam more worrying is that fewer firms are on the lookout for internal breaches; insider threats are generally ignored, underrated, and not accounted for during cybersecurity planning.
Mally the Bear, dodgy USBs in the post, and bribing employees demonstrates how important it is for all businesses to have incident planning and cyber security protocols in place; and to keep those policies reviewed on a regular, rolling basis.