Is the Insider Threat Really Over?
There has been a bit of press lately about how external threats are overtaking internal threats in the near term. Traditionally, the view has been that internal threats (i.e. disgruntled employees) pose a greater threat to an organization than outsiders. In reality, the lines are blurring, but external attackers are becoming more sophisticated in their attacks. That said, I was made aware by a coworker of an interesting controversy emerging from South Korea. In essence, one of their major banks was offline and unable to process any transactions for several days. Around April 12, customers were unable to perform ATM transactions, online transactions or any in-bank transactions for about a day. For several days afterwards, transactions were highly unreliable. In essence, this bank (Nonghyup Bank, NH Bank) basically suffered a catastrophic system failure.
According to reports, a contractor from IBM had his laptop infected, which in turn successfully attacked about 60% of the bank's infrastructure and crippled its ability to do business. The running controversy is whether this was an insider attack or someone who compromised a contractor and used it as a beachhead to get into the bank. That investigation is playing out and we'll see where that goes. From what I can tell (and that's limited because... well... I don't speak Korean) there was a contractor's laptop that was compromised, Chinese IP addresses were involved (and those of you who know the geopolitical history know that is entirely unsurprising) and there are 300,000-some-odd complaints about people not being able to get their money who are in various states of non-pleased.
Like I said, the investigation is ongoing and who knows what really will happen.
Disclaimers aside, my first thought was the IMF incident which ultimately led to the spectacular collapse of Satyam. Maybe that's not the case here, but I do know when I've applied for contractor positions at pretty big firms, I've been appalled by how easy it would be to game the system and, for that matter, how easily the system has been gamed.
In this particular case, there has been a non-trivial number of incidents that should have served as a warning sign for internal controls. My personal favorite expression regarding the failures of this bank and how they responded (after it became catastrophic) is that they started a 2011 training session with "a highly critical self-reflection and atonement". Maybe I'm odd, but I find that expression humorous.
Ultimately, an organization's security is determined by who it trusts to run the shop. If all you do is a phone screen (which may or may not be with the actual person who is going to start the job the following Monday), you may be asking for trouble.
What are your thoughts? How important is it to consider the insider threat and to vet your contractors and employees?
Background:
IEEE: South Korean NH Bank's Week-Long System Failure That Affected 30 Million An Inside Job?
Korea Times: Chinese IPs linked to Nonghyup crash
The Dong-A-Ilbo: Nonghyup Bank averaged 2 financial accidents per month
--
John Bambenek
bambenek at gmail /dot/ com
Bambenek Consulting