The art of manipulation: Protecting your business against attacks
Thu 10 Jun 2021 | Samantha Humphries
Do you know how many people have access to your business’s core systems? Chances are it’s more than you think, and the bad news is that every one of them represents a potential entry point for cybercriminals.
The high-profile Twitter attack that took place over the summer serves as a stark reminder of this. In mid-July, dozens of the platform’s most high-profile accounts were compromised through social engineering, including those of Bill Gates, Elon Musk, Jeff Bezos and Kanye West, to name just a few. The speed and severity of the attack rocked the social media world.
According to insiders, in addition to the hundreds of official employees with the authority to change account settings, Twitter also had a large number of outside contractors in areas such as customer services and tech support who had the same administrative privileges. These were the people targeted in the attack, with several duped into visiting a dummy site controlled by the attackers and entering their credentials in a way that served up usernames and passwords, as well as multi-factor authentication codes. In short, they gave the attackers everything they needed to cause highly visible havoc.
The danger of manipulated insiders
When an account belonging to one of your employees falls prey to a cybercriminal, it goes under the header of ‘compromised insider’. Accounts can become compromised in a variety of ways, but in most cases, it’s down to the employee clicking on a link in a phishing email and unwittingly providing their username and password, which can then be used by the perpetrator of the attack.
However, with manipulated insider attacks, a cybercriminal doesn’t just use the compromised account as a way into the system. They go much further, using it to make changes to account privileges and other key assets, and taking advantage of any system or application flaws they find to gain access to other critical systems. This is exactly what happened in Twitter’s case.
Insider manipulation doesn’t just put your systems at risk; it can also seriously jeopardise your customers’ data security. In particular, if the breach results in the theft of information like credit card or health information numbers, the consequences can be extremely serious.
Defending against insider manipulation
For starters, it’s crucial to carefully check exactly who has access to what, and whether such privileges are really necessary in every case. If former employees are to be believed, the sheer volume of workers and contractors with high-level access to Twitter’s systems made the response much more challenging than it otherwise would’ve been. Use the principle of least privilege to ensure that each user has only the necessary access to do their job. When in doubt, grant lower-tier access and increase it only as the user requests or needs it.
Regular cybersecurity training for all staff (both direct employees and indirect contractors) is also critically important. Make sure everyone understands the dangers of clicking on suspicious emails and/or links, and how to respond if they suspect someone is attempting to use social engineering on them. Similarly, when a new threat is known to be circulating, a quick email from the security team alerting users can be a simple but highly effective way of helping them avoid falling foul of it.
Currently, a large number of topical phishing emails around COVID-19, potential vaccines, and the like are in circulation, because evidence shows such emails are much more likely to be opened up by unsuspecting users.
Use technology to add further layers of protection
Strategic use of technology can also add further layers of protection to sensitive environments. Solutions such as behavioural analytics use artificial intelligence to gradually learn the day-to-day activities that pass through your systems and baseline every user’s behaviour. Once established, any behaviour that deviates from these baselines, such as logging in at strange times of day, attempting to access systems unrelated to their job or downloading large volumes of sensitive information, will automatically alert security teams. As a result, even if attackers successfully gain access through a manipulated insider attack, their abnormal account behaviour will quickly give them away.
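The baselining idea described above, as an added example that is not part of the original article: a simple per-user statistical baseline stands in here for the machine-learning model a behavioural analytics product would use. The log records, field layout and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (user, login hour 0-23, system accessed, MB downloaded)
HISTORY = [
    ("alice", 9, "support-desk", 12), ("alice", 10, "support-desk", 8),
    ("alice", 9, "support-desk", 15), ("alice", 11, "support-desk", 10),
    ("alice", 10, "support-desk", 9),
    ("bob", 22, "build-server", 300), ("bob", 23, "build-server", 280),
    ("bob", 21, "build-server", 320), ("bob", 22, "build-server", 310),
]

def build_baselines(history):
    """Summarise each user's normal hours, systems and download volume."""
    grouped = defaultdict(list)
    for user, hour, system, mb in history:
        grouped[user].append((hour, system, mb))
    baselines = {}
    for user, rows in grouped.items():
        volumes = [mb for _, _, mb in rows]
        baselines[user] = {
            "hours": {h for h, _, _ in rows},
            "systems": {s for _, s, _ in rows},
            "mb_mean": mean(volumes),
            "mb_std": pstdev(volumes),
        }
    return baselines

def deviations(baselines, event, hour_slack=1, z_limit=3.0):
    """Return the reasons an event departs from the user's own baseline."""
    user, hour, system, mb = event
    base = baselines.get(user)
    if base is None:
        return ["no baseline for user"]
    reasons = []
    # Circular distance so 23:00 and 00:00 count as one hour apart.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in base["hours"])
    if nearest > hour_slack:
        reasons.append("unusual login hour")
    if system not in base["systems"]:
        reasons.append("system outside normal set")
    # Floor the spread so a very steady user does not alert on tiny changes.
    spread = max(base["mb_std"], 0.1 * base["mb_mean"], 1.0)
    if (mb - base["mb_mean"]) / spread > z_limit:
        reasons.append("download volume spike")
    return reasons
```

Each event is judged against that user's own history, so a late-night login that is routine for one account is still flagged for another that has only ever worked office hours.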
The recent Twitter attack shows just how important it is to know exactly how many employees – both direct and indirect – have access to your business’s core systems. Conducting regular evaluations of user privileges can go a long way towards preventing opportunistic attacks with the potential to cause significant damage, from both a financial and reputational perspective. When coupled with regular staff training and strategic investment in security technology such as behavioural analytics, businesses of all sizes can ensure they have the best possible protection in place.