Pierluigi Paganini
February 10, 2016
Insiders are one of the greatest security problems for any organizations, working from the inside they can operate under the radar for a log time stealing information and sabotaging processes and infrastructures.
Modern organizations are often helpless while facing with insiders that are threatening their information assets and intellectual property.
One of the most clamorous cases of insiders was related to the Yandex Search Engine, in December a former employee stole the source code of the Russian Search Engine and tried to sell it and its algorithms for just $29,000 on the black market.
Corrupting an insider is the most easy way to breach an organization, news of the day the attempt to breach with a similar technique the Apple’s European Headquarters in Cork, Ireland.
Crooks are offering to the Apple employees 20,000 Euro ($23,000 USD) in exchange of Corporate Login Details of Irish Apple Employees in exchange of 20,000 Euro ($23,000 USD).
Obtaining the Apple employee’s corporate login credentials, attackers could breach the system and move lateraly inside the company network exfiltrating precious information from the company’s archives.
“Hackers are offering Apple employees thousands of euros for their company login details, according to someone that works for the company in Ireland. The employee, who spoke to Business Insider on the condition we kept their anonymity, said there are a lot of people trying to get hold of Apple’s inside information.” reported the Business Insider.
“You’d be surprised how many people get on to us, just random Apple employees,” the Apple employee told to Business Insider. “You get emails offering you thousands [of euros] to get a password to get access to Apple.”
“I could sell my Apple ID login information online for €20,000 ($23,000) tomorrow. That’s how much people are trying” said another employee.
Apple is not underestimating the case, according to the company there are no illicit activities linked to the proposals received by its emaployess, anyway the risk of insiders is high.
As usual, the attackers have a deep knowledge of the victim, another former Apple employee confirmed to Business Insider that crooks contact specific figures inside the organization. Hackers use to apporach Apple staff and offer them money in exchange for login details or company information.
“They look for someone who has jumped diagonally into a junior managerial position, so not a lifer working their way up, and not a lifer who has been there a long time,” said the former Apple employee.
The circumstance suggests the importance of the human factor inside any organization, employees represents the weakest link in the security chain. Disgruntled employees or a staffer not trained to face attacks from outside could become a backdoor even in a armored organization.
(Security Affairs – Apple, insider)
