Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Haunting Tale: Beware of the Insider

Written by Jordan True

October 28th, 2014

We all love October for the fall nights, changing leaves, hot cider and Halloween festivities. October is also National Cyber Security Awareness Month supported by the National Cyber Security Alliance. Although we preach cyber security best practices all year, it’s an important reminder to stay safe online.

In support of National Cyber Security Awareness Month and Halloween we wanted to showcase a spooky insider tale of trust and deceit. If phishing emails, computer worms and viruses already terrify you, then take this as a warning to never trust anyone with the keys to your network kingdom.

Rogue Insider Nightmare

Meet Jason Cornish, a trusted Senior Network Administrator working for a large pharmaceutical company, Shionogi Inc. His day to day responsibilities gave him access to important systems on the network and access to many privileged credentials. But over time business at Shionogi Inc. turned for the worse.

Shionogi had hard choices to make, and ended up having many layoffs. Stress ran high, and the layoffs caused tension between Jason and his manager, leading to an an argument where Jason resigned. He wasn’t ready to quit Shionogi entirely, though, and thanks to a close colleague and his own intimate knowledge of Shionogi’s systems, Jason was able to land a position as a consultant.

But when Jason’s friend was laid off, Jason couldn’t contain his anger any longer and decided it was time to punish Shionogi.

Jason decided to  use a local McDonald’s wifi connection to attack Shioniogi’s corporate network. After becoming a consultant, Jason’s access was never revoked, and he was able to again access through administrative account passwords that had not been changed. Over 15 virtual hosts, housing 88 services tied to Shionogi’s email, blackberry servers, order tracking system and financial management software were all deleted. Email was down for days and Shionogi lost over $800,000 before restoring their systems.

Will this story haunt your sleep tonight?

Luckily for Shionogi, Jason bought a big mac before connecting to McDonald’s wifi, helping law enforcement uncover the root of the attack and better understand what exactly happened. Most companies don’t get this lucky and are rarely able to pinpoint their attacker with certainty.

Whether it’s a careless worker or a disgruntled employee, remember to always have insider threat mitigation strategies in place. Strong password policies and audit trails for all privileged account use can drastically reduce the chance for an insider attack.

What about end-users?

Non-IT employees may not have access to privileged accounts to cause their own damage, but their lack of knowledge can also be a threat to your network. Have some fun this Halloween and share our ‘Will You Survive the Cyber Security Apocalypse?’ quiz with non-IT employees to raise awareness of staying safe online. Does your company have the IT skills and knowledge to stay alive? See how you and your colleagues score! Happy Halloween everyone!



Like this post?

Get our top blog posts delivered to your inbox once a month.