
INCYBER NEWS

Anatomy of Insider Threats – Actual Case Studies

See also the “Anatomy of an Insider Threat” by Dr. Abraham “Abe” Gill. To get your free copy, just send an email to Info@incyber.co and request this whitepaper.

The Edward Snowden Case (2013):

A quick Google search for “Edward Snowden” returns something like ~37,000,000 hits.

 Brief discussion of the Case

First we looked at Wikipedia: http://en.wikipedia.org/wiki/Edward_Snowden

Other interesting insights: http://www.wired.com/2014/08/edward-snowden/

When all is said and done, Edward Snowden accessed the NSA secret files on or before 2013 by impersonating a regular NSA user. Since he had all the IDs and Passwords it was a relatively easy task.

Could the Edward Snowden breach be avoided? YES!

How could the Edward Snowden breach be avoided? If the NSA had a PAS (Predicting Insider Threats) service from InCyber, Inc., someone would have been alerted that some “user” had changed his profile by downloading selected secret files. This alert could have triggered an automatic quarantine of the “user” and his privileges.

 = = = =

The Bradley Manning Case (2010):

A quick Google search for “Bradley Manning” returns something like 19 million hits.

 Brief discussion of the Case

First we looked at Wikipedia: https://www.google.co.il/?gfe_rd=cr&ei=nipKVIWfKomVigbKtYFY&gws_rd=ssl#q=bradley manning

Other references: http://www.washingtonpost.com/world/national-security/judge-to-sentence-bradley-manning-today/2013/08/20/85bee184-09d0-11e3-b87c-476db8ac34cd_story.html

What did Bradley Manning do? According to Wikipedia, on January 5, 2010 Manning downloaded 400,000 documents from a Secret Military Database. On January 8, Manning downloaded another 91,000 documents.

Could the Bradley Manning breach be avoided? YES!

How could the Bradley Manning breach be avoided? If the US Army had deployed a PAS (Predicting Insider Threats) service from InCyber, Inc., someone would have been alerted that some “user” had changed his profile by downloading 400,000 files. This alert could have triggered an automatic quarantine of the “user” and his privileges. Furthermore, the January 8, 2010 breach would not have happened.

 = = = =

The Anthem case (2015). Anthem is the second largest health insurer in the USA.

This is a most recent case that may have affected 78.8 million people.

Brief discussion of the Case

This case was widely reported by the media since it affected 70+ million people

For additional information on the case: http://www.csoonline.com/article/2888307/data-protection/anthem-78-8-million-affected-fbi-close-to-naming-suspect.html

Based on reports from several sources, attackers (not yet apprehended) managed to impersonate one of Anthem’s Administrators. The breach was discovered accidentally by that Administrator when he noticed a query made with his credentials that he had never run. His discovery led to the detection of the breach.

 Could the Anthem breach be avoided? YES!

How could the Anthem breach be avoided? If Anthem had deployed a PAS (Predicting Insider Threats) service from InCyber, Inc., someone would have been alerted immediately that the Administrator had conducted an unusual inquiry “outside his normal activity pattern”. This alert could have triggered an automatic warning. A timely treatment of said alert would have stopped the leak of millions of patient records.

= = = =

The Hanssen Case (2001) former FBI veteran Robert Hanssen

Brief discussion of the Case

Hanssen abused his trusted access to the FBI classified information about ongoing investigations.  He handed critical information to Russian agencies. Why? For money.

Could the Hanssen breach be avoided? YES!

One of the methods used by the InCyber PAS system is to create a user “signature”. With close monitoring by the PAS system, the CSO would have been informed that Hanssen was “acting outside of his normal activity pattern”.
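A user “signature” of this kind can be illustrated with a per-user baseline of daily document downloads, checked against each new day. This is an added example, not InCyber's PAS (whose internals this page does not describe); the user names, baseline counts, thresholds and function name are assumptions, and only the 400,000 and 91,000 figures and their dates come from the Manning case above.

```python
from collections import defaultdict
from statistics import median

def flag_anomalies(events, min_history=5, threshold=6.0, floor=5.0):
    """events: iterable of (iso_date, user, docs_downloaded), one row per user-day.

    Returns [(date, user, count, baseline_median)] for days far above the
    user's own history. Flagged days are kept out of the baseline so one
    large pull cannot make the next one look normal.
    """
    history = defaultdict(list)
    alerts = []
    for day, user, count in sorted(events):
        past = history[user]
        if len(past) >= min_history:
            med = median(past)
            # Median absolute deviation: a spread estimate that outliers barely move.
            mad = median(abs(x - med) for x in past)
            spread = max(1.4826 * mad, floor)  # floor avoids a zero spread on flat history
            if count > med + threshold * spread:
                alerts.append((day, user, count, med))
                continue  # do not learn from the anomalous day
        past.append(count)
    return alerts

# Constructed sample log. Only the two large counts and their dates are from the page.
SAMPLE = [
    ("2009-12-28", "analyst_a", 40), ("2009-12-29", "analyst_a", 55),
    ("2009-12-30", "analyst_a", 32), ("2009-12-31", "analyst_a", 47),
    ("2010-01-02", "analyst_a", 60), ("2010-01-04", "analyst_a", 38),
    ("2010-01-05", "analyst_a", 400000), ("2010-01-06", "analyst_a", 45),
    ("2010-01-08", "analyst_a", 91000),
    ("2009-12-28", "analyst_b", 120), ("2009-12-29", "analyst_b", 95),
    ("2009-12-30", "analyst_b", 140), ("2009-12-31", "analyst_b", 110),
    ("2010-01-04", "analyst_b", 130), ("2010-01-05", "analyst_b", 150),
    ("2010-01-06", "analyst_b", 105),
]

if __name__ == "__main__":
    for day, user, count, med in flag_anomalies(SAMPLE):
        print(f"{day} {user}: {count} documents, baseline median {med}")
```

In practice an alert like this would feed a review or quarantine workflow, and the baseline would also be compared against peers in the same role.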

 = = = =

Home Depot Data Breach (2014): 

By Cheril Kamp (c) iNET WHIR

Home Depot reported Thursday that in addition to the credit card data that was stolen by hackers in September, files containing 53 million emails were included in the breach.

Brief discussion of the Case

Although stolen email addresses seem less important than payment information, the data breach could produce more fraudulent activity through phishing attacks. Service providers can help educate their customers about recognizing and avoiding email scams.

With the number of recent hacks, it’s not surprising that a recent Harris poll found Americans’ concern over cybersecurity is even higher than worries over national security. The Target incident exposed 70 million accounts and the JP Morgan breach affected 76 million people along with 7 million small businesses. Kmart and Dairy Queen have yet to release the number of customers that were affected in their hacks.

Home Depot’s security team determined that a third-party vendor login was used to breach its network. Once hackers had access they acquired higher administrative rights that allowed them access to deploy malware on the self checkout systems. The method employed to gain access to the network yet again highlights the importance of basic security measures and educating employees to keep login information private.

Could the Home Depot breach be avoided? YES!

How could the Home Depot breach be avoided? If the Home Depot company had a PAS Solution from InCyber, Inc., we could have clearly detected irregular user activity by the third-party vendor. In addition, the PAS system could have issued a warning when a particular user attempted to upgrade their user privileges.

= = = =

Leumi Card data breach (2014):

A quick Google search for “Leumi Card data breach” returns something like 15,400 hits.

 Brief discussion of the Case

References: http://www.jpost.com/Israel-News/Eight-arrested-in-Israel-and-Thailand-for-Leumi-Card-data-breach-381984

http://www.haaretz.com/business/.premium-1.626767

Former Leumi Card (one of three leading Credit Card companies in Israel) employees threatened to sell information and details of 2 million credit card holders unless they were paid a ransom.

Motive:  Revenge (for being fired and paid low)

Opportunity: due to their role in the company, the involved employees had unlimited access to clients’ personal data.

Damage:  a potential damage of NIS80m to NIS100m + damages to a firm’s reputation (reputational risk)

Could the Leumi Card data breach be avoided? YES!

How could the Leumi Card data breach be avoided? If Leumi Card had a PAS (Predicting Insider Threats) service from InCyber, Inc., someone would have been alerted that some of the “users” with the same job description and privileged accounts had been downloading personal data of Bank Clients. This alert could have triggered an automatic quarantine of the “user” and his privileges.

 = = = =

 

InCyber Comments:

The InCyber PAS Pro-Active and Predicting System has been proven 100% effective against Insider Threats. For additional information write to: info@incyber.co . We are now offering a Free Insider Penetration Test for up to 500 Employees using your own historical data.
