9 Scary Examples of Malicious Insider Attacks
There are thousands of chilling insider threat stories. Far too many to put in this creepiest of creepy Halloween slideshows. But here are a bunch of hair-raising examples.
![Halloween scary background. Spooky forest with full moon and flying bats on red background.](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/blt1486055062e6d195/64cabebeaf56e361d288178d/00threat-_Bonandbon-alamy.jpg?width=700&auto=webp&quality=80&disable=upscale)
Bonandbon via Alamy Stock
It feels like a daunting challenge to come up with truly scary stories for Halloween 2022 following a global pandemic in a world currently teetering on financial ruin. Even worse, it’s an election year complete with creepy conspiracy theories.
But alas, criminals and mad men piloting nation states do not disappoint. There’s plenty in those headlines to make you cringe, hide in a corner, and avoid sleep altogether.
Just in case you’re crazy enough (and who isn’t crazy these days) to want more, click through these slides of skin-prickling, job-threatening, company-ending, scary insider threat tales around the virtual campfire. After all, the scariest threat of all is the one that’s already in your house. Bwahahaha…
At the start of the COVID pandemic, a former employee of a medical packing company used a previously created account to create a fake user account. He then edited approximately 115,581 records and deleted approximately 2,371 records to disrupt the company’s shipping processes.
That sounds more like an annoyance than a threat. But the opposite is true. The intent was to stop or delay the delivery of much-needed personal protective equipment (PPEs) to healthcare providers. The potential result was the deaths of already scarce medical personnel. In turn their deaths would mean more people would die of COVID for lack of medical personnel. The threat was terrifying as the lethal results could be ongoing and the death toll potentially enormous.
“This defendant allegedly disrupted the delivery of personal protective equipment in the middle of a global pandemic,” said US Attorney Byung J. “BJay” Pak in a DOJ statement. “Scarce medical supplies should go to the healthcare workers and hospitals that need them during the pandemic. The Department of Justice is dedicated to moving quickly on cases like this to bring criminal opportunists to justice and protect the public during these challenging times.”
The criminal complaint further alleged that Christopher Dobbins deactivated both fake user accounts and logged out of the system permanently after wreaking this dangerous havoc.
That’s the thing about insider threats. They know every nook and cranny in the organization to attack.
“A disgruntled former employee with continued privileged access to company data can be a recipe for disaster and lead to something scarier still,” warns Justin Blackburn, Threat Detection Engineer at AppOmni.
In November 2021, a former GE employee by the name of Jean Patrice Delia was sentenced after being found guilty of conspiring to steal the company’s trade secrets. He had a partner to help pilfer trade secrets, marketing and pricing data, and other confidential information from GE. The crime occurred over several years.
In a weird twist, Delia gained access to the information not through his own access permissions but by simply asking an IT administrator for it, and the administrator handed it over!
“What made this threat particularly scary is that Jean and his business partner used this information to launch a competing business,” says AppOmni’s Justin Blackburn.
“This type of malicious insider case can and likely will happen again in industries where trade secrets are worth a lot. Exposing confidential data in this way could cause a company to lose their competitive advantage and ultimately go under or lose a lot of money,” he adds.
Yes, children can be terrifying because we do not suspect the full scale of possible treacheries that can arise from offspring.
“For example, an employee might make a seemingly innocuous choice, like checking their work email on a tablet that their child also uses for gaming,” says Joel Bagnal, Director of Federal, SpyCloud. “The child then downloads an in-game feature that can deliver a malware infection and give criminals an all-access pass to corporate networks through an email application or an open web session, exposing vast quantities of sensitive data because of a decision that the employee probably didn’t think twice about.”
“To effectively manage insider threats, monitor for exposure of unmanaged devices and encourage strong employee cyber hygiene -- because accidental damage is just as dangerous as malicious activity,” he adds.
Do not assume, dear reader, that insider threats are one and done. Often they are the scare that keeps screaming, and screaming, and screaming -- and never dies.
“An employee was disgruntled with their boss due to perceived unfair treatment and decided to steal their employer’s personal details such as email, phone number, address etc., and use the information to sign into a variety of spam sites,” says Armaan Mahbod, Director of Security and Business Intelligence, Counter-Insider Threat at DTEX Systems. “This resulted in the harassment of the employer and their loved ones, causing significant disruption to their lives and ultimately forcing them to change all of their personal information and accounts.”
Doxing can result in other types of ongoing terrorizing actions, some of which can be physical threats and even lead to death. Be careful that employees do not have access to other employees’ or management’s private information.
Sometimes vendors can be used (just like children) to innocently deliver your doom!
Cybersecurity company Cyren says it detected a vendor email compromise (VEC) attack targeting one of its customers earlier this year. The attackers apparently compromised a vendor or business partner email account and used it to send malicious emails to almost 900 of the customer’s employees. The company says that the emails weren’t blocked or flagged by the secure email gateway.
“The emails related to a purchase order with the message body, ‘Please view the attached. Thanks.’ The attached contained a link to a phishing page designed to harvest Microsoft 365 login information,” explains Mike Fleck, VP of Marketing at Cyren.
“Sometimes the insider is a trusted business partner, and they don’t even know they’re a threat,” he adds.
“One of the scariest cases of malicious insiders to me was the recruiting of AT&T employees to install malware onto their company computer systems,” says Greg Crowley, chief information security officer for eSentire.
The event took place in 2019, he says, when it was publicly disclosed that multiple AT&T call center employees were successfully targeted and bribed to install malicious software onto AT&T computer systems.
“This devilish scheme allowed close to 2 million phones to be remotely unlocked, costing the company an estimated $200 million dollars in lost revenue. What makes this even scarier is that the malicious insiders lurked inside AT&T’s IT systems, carrying out the ringleaders’ evil plot for years,” Crowley says.
“With this type of insider access, the threat actors could have deployed the malware that would launch a nightmarish ransomware attack. It’s truly frightening to think of the damage criminals can inflict by bribing employees to sabotage their own company, and it is still a tactic used today,” he adds.
A former employee with the Post Rock Rural Water District in Ellsworth, KS tried to remotely tamper with the water facility’s cleaning, disinfecting, and distribution processes for drinking water.
“Three months after resigning his position in January 2019, [Wyatt] Travnichek remotely logged into the facility, reportedly using his former account information and his cell phone, and attempted to shut down the plant and disable filtration,” says TJ Sayers, Cyber Threat Intelligence Manager at the Center for Internet Security.
Had he been successful, hundreds or thousands of citizens could have suffered or died from disease or toxins.
The Environmental Protection Agency (EPA), Federal Bureau of Investigation (FBI), and Kansas Bureau of Investigation identified and arrested Travnichek, who claimed to be drunk the night of the intrusion.
Let us not forget one of the most famous horrific insider threat stories in history:
US Navy Chief Warrant Officer John Anthony Walker led one of the most damaging Soviet Union spy rings in US history. For years, Walker and his co-conspirators, including some of his family members, aided the Soviet Union in deciphering over a million encrypted US Navy communications.
“This resulted in significant Soviet Naval advancements and near constant Soviet knowledge on the location (often considered Top Secret information) of all US submarines for his 18-year insider operation,” says Center for Internet Security’s TJ Sayers.
“Reports indicate Walker was almost exclusively motivated by money. His apprehension was largely aided due to his ex-wife’s, sometimes drunken, confessions to the local Federal Bureau of Investigation (FBI) field office attempting to turn in her ex-husband for espionage,” he adds.
In the case of global communications technology company Ubiquiti, a now former employee tried to extort the company for $2 million in Bitcoin over stolen data.
“Not only was he assigned to the original response team to deal with the incident, successfully avoiding suspicion, but he then posed as a whistle-blower and accused Ubiquiti of attempting to cover up the severity of the attack. Ubiquiti’s reputation and stock price plummeted, and the employee continued to do damage; releasing sensitive data before a small technical glitch in his VPN allowed him to be identified,” explains Jonathan Tomek, Digital Envoy's vice president of research and development.
“IP intelligence can be a lifesaver -- helping to detect inconsistencies such as the one that ultimately solved the Ubiquiti case. IP data provides critical information about benign versus malicious VPNs, crucial for identifying so many malicious insider threats like this,” he adds.
We’ll leave you with one last scary thought to ponder in the dead of night when you should be sleeping.
“We tend to think of insider threats as Bob in Accounting siphoning off data or deleting critical business information in retaliation for some perceived injustice,” says Richard Bird, Chief Security Officer, Traceable AI. “Don’t get me wrong, Bob in Accounting is one of the best hackers on the planet. If you put security controls in place that impact his ability to do his job (or require him to change his routine), Bob will figure out how to bypass that fancy new security thing in minutes. The problem with this belief is that insider threat is really diverse, which is the scary part.”
And on that note, Happy Halloween!!!