75% of Insider Cyber Attacks are the Work of Disgruntled Ex-Employees: Report
Ransomware and business email compromise (BEC) topped the list of the types of attacks on organizations in the past 12 months, making up 70% of the total number, according to the 2022 Unit 42 Incident Response Report from Unit 42 by Palo Alto Networks, a cybersecurity consultancy within the company. The firm compiled its report findings based on roughly 600 incident responses completed by Unit 42 between May 2021 and April 2022.
Here’s a quick breakdown of key findings:
- 77% of intrusions are suspected to be attributable to three initial access vectors – phishing, exploitation of known software vulnerabilities, and brute-force credential attacks focused primarily on remote desktop protocol.
- The report also found that more than 87% of positively identified vulnerabilities fell into one of six major categories – the ProxyShell and ProxyLogon flaws in Exchange Server, the Apache Log4j flaw, and vulnerabilities in Zoho ManageEngine ADSelfService Plus, Fortinet, and SonicWall.
- Half of the compromised organizations lacked multifactor authentication on key internet-facing systems such as corporate webmail, virtual private network (VPN), and other remote access solutions.
- The seven most targeted industries were finance, professional and legal services, manufacturing, healthcare, high-tech, and wholesale and retail. These accounted for over 60% of cases, according to Unit 42.
Unit 42 said that attackers may focus on certain industries such as finance and healthcare because they store, transmit, and process high volumes of monetizable sensitive information – or simply because they make widespread use of certain software with known vulnerabilities.
Insider Threats
It’s not always about the money, according to the report. Grudges matter, too. Insider threats made up just 5.4% of the incidents Unit 42 handled, “but they can be significant because they involve a malicious actor who knows exactly where to look to find sensitive data,” the report said. What’s more, 75% of insider threat cases involved a disgruntled ex-employee who left with company data, destroyed company data, or accessed company networks after their departure.
This could be exacerbated during a recession, as layoffs and frustrations rise. Researchers predict that declining economic conditions could push more people into cybercrime as a way to make ends meet.
“Right now, cybercrime is an easy business to get into because of its low cost and often high returns,” said Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks, in a press release. “As such, unskilled, novice threat actors can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web.”
Ransomware
Ransomware can target sensitive organizations, such as hospitals, and can put even more pressure on organizations with threats of releasing sensitive information if the ransom is not paid. Additionally, Unit 42 has been tracking at least 56 active “ransomware as a service” groups operating since 2020.
“RaaS is a business for criminals, by criminals, with agreements that set the terms for providing ransomware to affiliates often in exchange for monthly fees or a percentage of ransoms paid,” the report said. “RaaS makes carrying out attacks much easier, lowering the barrier to entry for would-be threat actors, and expanding the reach of ransomware.”
Unit 42 reported that ransomware demands have been as high as $30 million over the past 12 months, and some clients have paid ransoms of over $8 million. Unit 42 noted that threat actors attempt to access financial information when they have unauthorized access to a victim organization and calculate ransom demands based on the perceived revenue of the organization being extorted.
What’s Ahead?
Unit 42 asked its incident responders to look ahead to the cyberthreats on the horizon and offer some predictions. Here are some of the predictions they shared:
- The window of time to patch high-profile vulnerabilities before exploitation will continue to shrink.
- Widespread availability of attack frameworks and hacking-as-a-service-based platforms will continue to increase the number of unskilled threat actors.
- Reduced anonymity and increased instability with cryptocurrency could lead to a rise in business email compromise or payment card-related website compromise.
- Declining economic conditions could push more people into cybercrime as a way to make ends meet.
- Hacktivism and politically motivated attacks will increase as groups continue to hone their ability to leverage social media and other platforms to organize and target public and private sector organizations.
The full Unit 42 report is available here.