Cybersecurity is in the news again with the disclosure that Tesla, working in conjunction with the FBI, prevented a ransomware attack from being launched at its Gigafactory in Nevada. The cybercriminals targeted Tesla through one of its employees, whom they allegedly promised to pay $1 million in order to help them infect the company’s system with malware.

While it is fortunate the crime was thwarted by an employee with integrity, it nevertheless underscores how brazen malicious actors have become in their attempt to compromise corporate networks and gain access to sensitive information.

The risk of the insider as a formidable point of vulnerability

The Tesla cyberattack highlights the vulnerability posed by insiders (such as employees) to corporate data. Even if organizations have hardened their security by deploying firewalls, antivirus systems, penetration tests and malware protection, the human element remains the weakest point of vulnerability.

That’s why many companies nowadays consider it critical to even perform security scans in the personal phones, laptops or tablets of their staff members. After all, malicious hackers have multiple approaches for breaking into one’s phone and will often attack personal devices that may contain valuable professional information.

While it didn’t ultimately prove successful in this instance, direct sabotage by employees is a known attack vector, while social engineering attacks mounted against an organization’s staff succeed far more often than they should.

A prime example is the successful attack mounted against Twitter this July by teenagers who gained access into Twitter’s internal Slack messaging channel and hoodwinked employees to hand over their Twitter’s internal network credentials. The brazen attack then targeted the accounts of high-profile personalities in a cryptocurrency hack.

How it all went down

They say truth is stranger than fiction sometimes. This story unfolds like a film’s plot, with members of a criminal gang (Read more...)