Internal Hacker Attack - Several companies report security incidents!

Three large companies recently reported an internal hacker attack. We describe how the criminals proceed and how you can protect yourself!

Vincent Heinen, Head of Offensive Services
Updated: October 2, 2024 · 3 min read
OSCP+ OSCP OSWP OSWA

TL;DR

Insider threats caused security incidents at Shopify, where two employees stole merchant transaction data, and Instacart, affecting 2,180 customers. At Tesla, a Russian criminal attempted to recruit an employee to install malware, but the employee reported it, preventing an attack. These cases highlight the risk of excessive internal access rights. Limiting employee privileges to what their role requires, enforced through internal penetration testing, is an effective countermeasure.


Hacker attacks are increasingly in the spotlight as the number of costly attacks grows. Most people picture a hacker attack as a criminal finding a security hole in a system from a distance and exploiting it. However, there is also the so-called internal hacker attack, in which a company's own employees cause the damage. This is exactly what happened recently at three companies: Shopify, Tesla and Instacart.

Internal hacker attack - This is how the criminals proceeded

The large online commerce platform Shopify reports that two employees are now being prosecuted for collecting and misusing merchants' contact information without authorization. The Canadian company is working with the FBI and other law enforcement agencies on the investigation. The detailed investigation of the security breach is still in its early stages, but according to recent information the two unscrupulous employees had been stealing merchants' transaction data. According to Shopify, this data does not include payment card information, but it does include names, addresses and order details of the products and services purchased.

Shopify is not the only company that has recently faced an internal hacker attack; Tesla and Instacart have as well. Instacart had to notify 2180 buyers that former employees had accessed sensitive information. At Tesla, according to CEO Elon Musk, the internal hacker attack was only just fended off. Russian hackers contacted a Tesla employee and tried to convince him to introduce malware into the company network. The Tesla employee reported the incident immediately, so no hacker attack took place.

Protection against internal attacks

That such internal hacker attacks, some of them large, are possible at all is often due to the internal network structure. Employees frequently have more rights and privileges than they really need. To prevent internal hacker attacks, employees should only be able to view the data and hold the rights they need for their work. Managing such configurations in large companies is very difficult and time-consuming. For such cases, we at AWARE7 GmbH offer internal penetration tests in which we play an employee who suddenly turns criminal. We examine how far we get as a "normal" employee and which data we can reach that we should not actually have access to. With an internal penetration test you receive detailed documentation on how to adapt your network structure to protect against unscrupulous employees and thus against internal hacker attacks.
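One way to find the excess rights described above before an insider can use them, as an added example that is not part of the original article: an entitlement review that compares what each account is granted with what its role needs and with what it has recently used. The role names, permission strings, users and log entries are constructed assumptions.

```python
from datetime import date

# Constructed sample data: roles, permissions, users and log entries are assumptions.
ROLE_BASELINE = {
    "support": {"tickets:read", "tickets:write", "orders:read"},
    "engineer": {"repos:read", "repos:write", "deploy:staging"},
}
GRANTS = {  # user -> (role, permissions actually granted)
    "alice": ("support", {"tickets:read", "tickets:write", "orders:read"}),
    "bob": ("support", {"tickets:read", "orders:read", "orders:export", "customers:read"}),
    "carol": ("engineer", {"repos:read", "repos:write", "deploy:staging", "deploy:prod"}),
}
ACCESS_LOG = [  # (user, permission exercised, date)
    ("alice", "tickets:read", date(2024, 9, 30)),
    ("bob", "orders:export", date(2024, 9, 28)),
    ("bob", "tickets:read", date(2024, 6, 1)),
    ("carol", "repos:write", date(2024, 9, 29)),
]


def review(baseline, grants, log, today, stale_days=90):
    """Compare each user's grants with the role baseline and recent usage."""
    recent = {}
    for user, perm, day in log:
        if 0 <= (today - day).days <= stale_days:
            recent.setdefault(user, set()).add(perm)
    findings = {}
    for user, (role, granted) in grants.items():
        allowed = baseline.get(role, set())  # unknown role: nothing is justified
        excess = granted - allowed           # rights beyond what the role needs
        used = recent.get(user, set())
        result = {
            "excess": sorted(excess),
            "excess_used": sorted(excess & used),          # review these first
            "unused": sorted((granted & allowed) - used),  # removal candidates
        }
        if any(result.values()):
            findings[user] = result
    return findings


if __name__ == "__main__":
    for user, result in review(ROLE_BASELINE, GRANTS, ACCESS_LOG, date(2024, 10, 2)).items():
        print(user, result)
```

In the sample data, the support account with an out-of-role export right that was exercised a few days before the review is the entry to look at first.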


About the author

Vincent Heinen, Head of Offensive Services

M.Sc. in IT Security with over 5 years of experience in offensive security analysis. Leads the execution of penetration tests, specializing in web applications, network infrastructure, reverse engineering and hardware security. Responsible for several responsible disclosures.