
CrowdStrike Emphasizes the Significance of Insider Risk


CrowdStrike’s discovery last summer of a potential fake IT employee working for some of its customers initially raised doubts among those alerted. However, further investigation revealed that 40% of the 200 customers were indeed victims of a North Korean APT group known as Famous Chollima. This group recruited individuals to apply for technical jobs, infiltrated companies using the network access gained through employment, and then deployed malware to steal sensitive data. The increased activity by Famous Chollima prompted CrowdStrike to launch its Insider Risk Service last week, aimed at detecting rogue IT workers and enhancing hiring practices.

The North Korean threat actors managed to infiltrate over 300 companies, as reported by the US Department of Justice. The perpetrators were charged with defrauding US companies through fraudulent schemes using online job sites and payment mechanisms with locally hosted proxy systems. This criminal act by the group resulted in an estimated loss of $6.8 million according to official reports, although CrowdStrike’s senior VP for counter adversary operations, Adam Meyers, estimated the losses to be significantly higher, likely amounting to tens of millions of dollars.

The rise in insider attacks has become a concerning trend in recent years, with various reports indicating an increase in incidents and associated costs. According to the Ponemon Institute, organizations experienced between 21 and 41 insider incidents in 2023, with an average cost of $16.2 million per organization. Furthermore, the 2024 Insider Threat Report by Securonix highlighted the challenges in detecting insider threats, which are deemed as difficult as, or more difficult than, external attacks.

CrowdStrike’s new Insider Risk Service aims to address these challenges by providing detailed assessments to identify security gaps, especially in terms of internal and unintentional threats, as well as evaluation of HR hiring processes. The service includes technical reviews, tabletop exercises, and red team simulations to test existing defenses and recommend improvements. The utilization of threat intelligence and telemetry data from CrowdStrike’s Falcon platform and OverWatch service sets it apart from other IT consulting firms offering similar services.

While the activity from Famous Chollima has decreased from its peak, the potential for other threat actors to exploit similar tactics remains a concern. Thomas Etheridge, CrowdStrike’s chief global services officer, anticipates continued variations in insider threat activities and emphasizes the importance of ongoing monitoring to detect suspicious behavior. Joseph Blankenship from Forrester also underscores the need for measures to confirm the identities of employees and contractors to mitigate the risks posed by threat actors posing as legitimate workers.

In conclusion, the prevalence of insider threats, as exemplified by the case of Famous Chollima, underscores the critical importance of robust security measures and continuous monitoring to safeguard organizations against malicious actors. CrowdStrike’s proactive approach with the launch of its Insider Risk Service marks a significant step towards enhancing insider threat detection and response capabilities in the ever-evolving cybersecurity landscape.
