2.4 – Social Engineering - Insider Threats

Questions and Answers

Why are insider threats particularly challenging to defend against?

• Perimeter security measures are completely ineffective against insider threats.
• Insiders are inherently trusted and often have legitimate access to systems and data. (correct)
• Insider threats are only a concern for very large organizations with complex networks.
• Insider threats always involve the use of advanced malware, making them difficult to detect.

What advantage do insiders possess, even without special system access, that can aid in attacks?

• The ability to bypass all forms of authentication.
• Complete immunity from security audits.
• Institutional knowledge of the organization's infrastructure and data locations. (correct)
• Unlimited access to employee training materials.

What is a key characteristic of insider attacks that makes them difficult to detect?

• They always occur very rapidly, leaving little time for response.
• They exclusively target high-profile data, making them easy to identify.
• They can occur over extended periods, allowing for reconnaissance and vulnerability identification. (correct)
• They are always conducted by multiple individuals working in concert.

What emerging tactic are ransomware actors using to target organizations?

Bribing insiders with cryptocurrency to gain access to systems and data. (D)

Besides prevention, what fundamental security practice helps mitigate the damage caused by insider attacks?

Maintaining regular data backups. (A)

Why is perimeter security proving insufficient in the face of insider threats?

Perimeter security primarily focuses on external threats, not internal ones. (D)

What is the primary motivation behind ransomware actors bribing people inside organizations?

To gain access to systems and data for financial gain. (C)

What makes the recruitment of insiders a particularly insidious attack vector?

It leverages trusted individuals to bypass security measures. (D)

Which strategy is most likely to improve a network's overall security posture against both insider and external threats?

Establishing solid security fundamentals and maintaining data backups. (A)

Why might an employee consider accepting a bribe from a ransomware actor, despite the risks?

The potential financial reward from a successful ransomware attack can be substantial. (D)

Flashcards

Insider Threat

Threats originating from individuals within an organization who have authorized access to systems and data.

Institutional Knowledge

Internal knowledge of systems and data locations that insiders possess, aiding in identifying vulnerabilities.

Insider Recruitment

The act of cybercriminals enticing internal staff to provide access to sensitive systems or data, often in exchange for payment.

Security Fundamentals

Solid security practices and data backups to resolve issues inside the network.

Study Notes

• Insider threats are challenging to defend against because insiders are trusted and have access to systems and data.
• Insiders possess institutional knowledge, know the location of devices, and understand which servers hold specific data types, even without special access.
• Insider attacks can occur over extended periods, involving intelligence gathering, data discovery, and vulnerability exploitation.
• Attackers sometimes recruit insiders to provide access and data.
• Perimeter defenses are improving, but internal network protection needs enhancement.
• Ransomware actors have been known to bribe insiders with cryptocurrency to gain network access.
• A single ransomware infection can generate millions of dollars for attackers, making bribery a worthwhile tactic.
• Strong security fundamentals and data backups are crucial for defense against insider attacks.
• Backups may not prevent insider attacks entirely but can help resolve internal network issues if discovered.