Evolving Threat series — Insider Attacks case studies (Part 2)
In the last post we touched on formal definition and risks associated with Insider Threats.
In this post we will examine the top X insider threats that were reported over the last decade (in no particular order)
Siemens Contractor Sentenced for Writing ‘Logic Bombs’
The now-former banker at JP Morgan Chase, Peter Persaud sold personal identifying information (PII) and other account information, including the personal identification numbers (PIN) of bank customers
Former JP Morgan Chase investment advisor, Michael Oppenheim, was accused in a civil complaint of stealing more than $20M from the bank’s clients between 2011 and 2015
IT plonker stuffed ‘destructive’ logic bomb into US Army servers in contract revenge attack
Wells Fargo reported insider fraud by employees who created almost 2M accounts for their clients without their knowledge or consent
Punjab National Bank in India parted with almost $43M after Gokulnath Shetty, a bank employee, used unauthorized access to a susceptible password in the SWIFT interbank transaction system
Amazon investigates claims staff are leaking data for bribes
Compromised data coming from website registrations for various games and online gambling promotions, ringtone storefronts, and movie ticketing where a rogue insider Kim is said to have earned $390,919 USD by selling off and using the compromised records
Engineer gets 18 months in the clink for looting ex-bosses’ FTP server
In February 2018, Suntrust Bank became aware of an attempted data breach by a now-former employee who downloaded client information
Transmitting malicious code with intent to cause damage to a U.S. Army computer used in the furtherance of national security
Ex-IBM employee from China gets five years prison for stealing code
Rogue IT admin goes off the rails, shuts down Canadian train switches
Bank of America lost at least $10M as a result of an insider threat that sold “about 300” customer data to cyber-criminals
Espionage convictions for selling DuPont technology to China for the production of a valuable white pigment
IT pro gets 4 years in prison for sabotaging ex-employer’s system
Ex-NSA employee gets 5.5 years in prison for taking home classified info
In the next part of this series we will examine patterns that are common across all these published threats.
Evolving Threat series — Insider Attacks case studies (Part 2) was originally published in ShiftLeft Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog - Medium authored by Chetan Conikee. Read the original post at: https://blog.shiftleft.io/evolving-threat-series-insider-attacks-case-studies-part-2-8d3ddf0f529?source=rss----86a4f941c7da---4