A network is especially vulnerable to malicious insiders, who already have privileged access to organizational systems. According to companies like Fortinet, rogue insider can leverage these security flaws to access sensitive information about an organization, or exploit a security hole on a network to cause an attack on a company’s networks.
How the Insider Attack Works
While we understand that insider threat is a problem in organizations of all sizes, the vulnerabilities identified by the report are unique to certain organizations. Here’s how the insider attack works:
The insider exploits a vulnerability in one of the organization’s infrastructure. In some cases, the insider takes advantage of a known vulnerability on an existing network device or an internal or external source, such as through a website or a link from an internal document.
The insider uses this information to compromise the system and gain administrative access, and then uses that access to take control of all devices that are connected to the network. These exploits are not new, and they’ve been used in previous attacks, such as the Heartbleed and Shellshock attacks. The attackers then use the compromised devices to launch their DDoS attacks.
According to the researchers, in their testing, the attackers were able to target more than 15 million PCs at a time. By leveraging these exploits, the hackers were able to deliver a devastating attack on multiple websites and servers. By targeting sites and servers in particular, the hackers were able to take control of those sites and server and then use them to launch their attacks.
The researchers believe that the attacks started in the middle of December and lasted until early February. The attacks were carried out using a variant of a technique known as a spear phishing attack.
The spear phishing attacks, named by researchers as “Energetic Bear,” send out emails with malicious attachments. The malicious attachment will attempt to trick the recipient into clicking on the link or downloading the file. Once the person has done so, they will be redirected to a fake Google web page. From there, the attackers will infect their victim by exploiting the vulnerabilities in their browsers.
