SBN

Evolving Threat series — Insider Attacks case studies (Part 2)

Evolving Threat series — Insider Attacks case studies (Part 2)

In the last post we touched on formal definition and risks associated with Insider Threats.

In this post we will examine the top X insider threats that were reported over the last decade (in no particular order)

Siemens Contractor Sentenced for Writing ‘Logic Bombs’

Siemens Contractor Sentenced for Writing 'Logic Bombs'

The now-former banker at JP Morgan Chase, Peter Persaud sold personal identifying information (PII) and other account information, including the personal identification numbers (PIN) of bank customers

Former JP Morgan Chase Bank Employee Sentenced to Four Years in Prison for Selling Customer Account Information

Former JP Morgan Chase investment advisor, Michael Oppenheim, was accused in a civil complaint of stealing more than $20M from the bank’s clients between 2011 and 2015

An ex-JPMorgan broker just got 5 years in prison for stealing from customers

Claroty

IT plonker stuffed ‘destructive’ logic bomb into US Army servers in contract revenge attack

IT plonker stuffed 'destructive' logic bomb into US Army servers in contract revenge attack

Wells Fargo reported insider fraud by employees who created almost 2M accounts for their clients without their knowledge or consent

Wells Fargo account fraud scandal

Punjab National Bank in India parted with almost $43M after Gokulnath Shetty, a bank employee, used unauthorized access to a susceptible password in the SWIFT interbank transaction system

PNB fraud: Gokulnath Shetty confesses he issued all LoUs; alleges Modi, Choksi blackmailed him

Amazon investigates claims staff are leaking data for bribes

Amazon investigates claims staff are leaking data for bribes

Compromised data coming from website registrations for various games and online gambling promotions, ringtone storefronts, and movie ticketing where a rogue insider Kim is said to have earned $390,919 USD by selling off and using the compromised records

27 million South Koreans affected by data breach

Engineer gets 18 months in the clink for looting ex-bosses’ FTP server

Engineer gets 18 months in the clink for looting ex-bosses' FTP server

In February 2018, Suntrust Bank became aware of an attempted data breach by a now-former employee who downloaded client information

Now-Former Employee at the Center of SunTrust Data Breach

Transmitting malicious code with intent to cause damage to a U.S. Army computer used in the furtherance of national security

Army Contractor Convicted of Cyber-Sabotage Highlights the Reality of Insider Threats – ClearanceJobs

Ex-IBM employee from China gets five years prison for stealing code

Ex-IBM employee from China gets five years prison for stealing code

Rogue IT admin goes off the rails, shuts down Canadian train switches

Rogue IT admin goes off the rails, shuts down Canadian train switches

Bank of America lost at least $10M as a result of an insider threat that sold “about 300” customer data to cyber-criminals

Insider data theft costs Bank of America $10 million

Espionage convictions for selling DuPont technology to China for the production of a valuable white pigment

Spy conviction upheld for Bay Area businessman

IT pro gets 4 years in prison for sabotaging ex-employer’s system

IT pro gets 4 years in prison for sabotaging ex-employer's system

Ex-NSA employee gets 5.5 years in prison for taking home classified info

Ex-NSA employee gets 5.5 years in prison for taking home classified info | ZDNet

In the next part of this series we will examine patterns that are common across all these published threats.


Evolving Threat series — Insider Attacks case studies (Part 2) was originally published in ShiftLeft Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.


*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog - Medium authored by Chetan Conikee. Read the original post at: https://blog.shiftleft.io/evolving-threat-series-insider-attacks-case-studies-part-2-8d3ddf0f529?source=rss----86a4f941c7da---4

Application Security Check Up