Friday, June 24, 2022
  • Hackers Are Still Exploiting Log4Shell Vulnerability, Warns CISA
  • USENIX Enigma 2022 – Mallory Knodel’s ‘You Can’t Always Get What You Want / But You Get What You Need: Moderating E2EE’
  • Peer Groups
  • Privacy Access Token
  • Joy Of Tech® ‘#2909’

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » Famous Insider Threat Cases

SBN

Famous Insider Threat Cases

by Talia Landman on September 5, 2019

Insider threats are the biggest security risk for organizations because they can cause the most destruction. From taking advantage of privileged access to stealing company data – sometimes the biggest and worst threats to a company’s security program is right under its nose. There are so many Insider Threat Personas and we are sharing famous insider threat cases to expose the serious risk of insider cyber attacks.

General Electric Employees Stole Trade Secrets to Gain a Business Advantage (2020)

In this famous insider threat case, two General Electric (GE) employees downloaded thousands of files with trade secrets from company servers.  They then uploaded the files to the cloud or sent them to private email addresses.  In addition, they convinced a system administrator to grant them inappropriate access to sensitive corporate data.

DevOps Connect:DevSecOps @ RSAC 2022

What happened next?  One of the employees started a new company with stolen intellectual property on advanced computer models used to expertly calibrate turbines used in power plants.  That company then competed with GE in tenders for calibrating turbines and submitted much lower bids than GE.

Not surprisingly, GE lost several several bids for turbine calibration to this new lower priced competitor.  When GE discovered that the company had been founded by their prior employee, they reported the incident to the FBI.  The FBI investigated this crime for several years, and in 2020 both malicious insiders were convicted and sent to prison.  They were fined $1.4 million in restitution to General Electric.

Here’s the issue: none of these malicious insider threat actions triggered a response from GE’s cybersecurity system.  Deploying Gurucul User and Entity Behavior Analytics would have enabled GE to detect and stop this particular instance of intellectual property theft in real-time.

Capital One Data Breach Carried Out by a Single Insider (2019)

She was a former software engineer for Amazon Web Services, a cloud hosting company that Capital One was using. Taking advantage of a misconfigured web application firewall, the hacker accessed more than 100 million customers’ accounts and credit card applications. The company has since fixed the vulnerability and stated that “no credit card account numbers or log-in credentials were compromised”.

This famous insider threat case is particularly interesting because the hacker wasn’t concerned about hiding her identity. She shared her method of hacking into Capital One with colleagues on a chat service called Slack. Additionally, she posted the information on GitHub (using her full name) and bragged on social media about it too. This kind of behavior is a phenomenon psychologists call “leakage” where insiders who plot to do damage reveal their plans.

The hacker was arrested and charged with one count of computer fraud and abuse. Capital One expects the breach to cost up to $150 million.

Disgruntled Employee at Tesla Changes Code, Exfiltrates Data (2018)

Certainly, this insider threat case could have been avoided. But the electric car company neglected to put limits on the level of privileged access given to employees. It draws attention to the importance of having a security program that monitors user behavior to detect and prevent security incidents.

According to Tesla CEO Elon Musk, the saboteur used his insider access to make “direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.”

Anthem’s Account Compromise Breach of Personally Identifiable Information (2015)

A phishing email gave hackers administrative access to a major health insurance company’s database. As a result, the exposing of 78.8 million records of personal identification information. Records stolen contained medical ID’s, social security numbers, addresses, employment history, income data, etc. They were sold on the dark web. The hackers had administrative access for over a month.

The breach was discovered by a database administrator who noticed a suspicious database query running using his credentials. Then, he found out other credentials had been compromised.

The hackers sent employees phishing emails containing links to malware. Once clicked, the malware was installed, thus giving the hackers a backdoor to the database. They were able to access it remotely from their command and control server.

In 2017, Anthem agreed to pay $115 million to settle a class action lawsuit over the data beach. (Triumphing over the $18.5 million Target agreed to pay after being breached in 2013. Hackers gained access to 41 million customer payment card accounts).

Target Data Breach Affects 41 Million Consumers (2013)

More than 41 million of the retail giant’s customer payment card accounts were breached in 2013. Hackers gained access to Target’s computer systems through stolen credentials from a third-party vendor. Four years later, Target agreed to pay $18.5 million in a multi-state settlement – the largest ever (up until that date) for a data breach.

In this famous insider threat case, the attackers gained access to Target’s customer service database and installed malware on the system. Hackers collected sensitive data like full names, phone numbers, email addresses, payment card numbers, credit card verification codes, and other customer data.

What Can We Learn from these Famous Insider Threat Cases?

In short, a weak insider threat program can have devastating consequences. That’s why we emphasize the importance of having a reliable threat detection platform, like Gurucul User and Entity Behavior Analytics (UEBA), to monitor your organization’s internal activities. Our powerful UEBA product leverages machine learning on open choice big data to predict unknown threats.

“Even progressive companies that can afford the best cyber-security protection can be taken down by one malicious insider,” says Gurucul CEO Saryu Nayyar.

Does your organization want to end up on the list of famous insider threat cases? We didn’t think so. Contact us today and learn why so many companies choose Gurucul for their insider threat detection needs.

Learn more about how to stop the insider threat by downloading the whitepaper Uncover Insider Threats Through Predictive Security Analytics.

The post Famous Insider Threat Cases appeared first on Gurucul.


Recent Articles By Author
  • Are You Afraid of the Unintentional Insider Threat?
  • 5 Signs You Need an Insider Threat Program
  • How to Practice Cyber Safety on Social Media as an Industry Professional
More from Talia Landman

*** This is a Security Bloggers Network syndicated blog from Blog – Gurucul authored by Talia Landman. Read the original post at: https://gurucul.com/blog/famous-insider-threat-cases

September 5, 2019November 17, 2021 Talia Landman Account Compromise, Blog, insider threat
  • ← Survey Reveals Kubernetes Usage Skyrocketing, but Security Concerns Remain
  • Tech Support Scams and What They Mean →

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

Digital Value Chain Attacks on the Rise
Uvalde Shooting Investigation Reveals Major Privacy Violation
Machine Learning Tackles Ransomware Attacks
TechStrong Con: Diversity Key to Solving Cybersecurity Talent Shortage
The Million-Dollar Question: To Pay or Not to Pay Ransom?
The future of IoT ransomware – targeted multi-function bots and more cyberattacks  
Capital One Data Breach Update: Former Amazon Engineer Convicted
9 Cybersecurity Challenges Companies Must Tackle Now
How to get started with OT security
Four Key Findings from the 2022 Cyberthreat Defense Report

Upcoming Webinars

Mon 27

AI and ML in Security

June 27 @ 1:00 pm - 2:00 pm
Thu 30

Closing the Gap: Reducing Enterprise AppSec Risks Without Disrupting Deadlines

June 30 @ 11:00 am - 12:00 pm
Jul 19

Finding the Ransomware Threat INSIDE Your Backups

July 19 @ 3:00 pm - 4:00 pm
Jul 25

Applying the 2022 Open Source Findings to Software Supply Chain Risk Management

July 25 @ 3:00 pm - 4:00 pm
Jul 27

How to Shift Security Left: Best Practices From a Fortune 500 DevSecOps Leader

July 27 @ 1:00 pm - 2:00 pm
Aug 30

CISO Talk Master Class Episode: Catch Lightning in a Bottle – The Essentials: Bringing It All Together

August 30 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook

June 17, 2022 Richi Jennings | Jun 17 0
Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity
Cybersecurity Governance, Risk & Compliance Industry Spotlight IoT & ICS Security Security Awareness Security Boulevard (Original) Threat Intelligence 

Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity

May 23, 2022 Mike Hodge | May 23 Comments Off on Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity
Establishing a Root of Trust in Embedded Linux and IoT
Cybersecurity Endpoint Industry Spotlight IoT & ICS Security Security Boulevard (Original) Vulnerabilities 

Establishing a Root of Trust in Embedded Linux and IoT

April 18, 2022 Anita Buehrle | Apr 18 Comments Off on Establishing a Root of Trust in Embedded Linux and IoT

Top Stories

NSA Wants To Help you Lock Down MS Windows in PowerShell
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Incident Response Malware Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

NSA Wants To Help you Lock Down MS Windows in PowerShell

June 24, 2022 Richi Jennings | 6 hours ago 0
Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’
Analytics & Intelligence Application Security Blockchain Cloud Security Cyberlaw Cybersecurity Data Security DevOps Digital Currency Editorial Calendar Featured Governance, Risk & Compliance Identity & Access Identity and Access Management Incident Response Most Read This Week Network Security News Popular Post Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’

June 21, 2022 Richi Jennings | 3 days ago 0
TechStrong Con: Diversity Key to Solving Cybersecurity Talent Shortage
Careers Cybersecurity Featured News Security Boulevard (Original) Spotlight 

TechStrong Con: Diversity Key to Solving Cybersecurity Talent Shortage

June 21, 2022 Michael Vizard | 3 days ago 0

Security Humor

Joy Of Tech® '#2909'

Joy Of Tech® ‘#2909’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2022 Techstrong Group Inc. All rights reserved.