Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.
Here are this week’s top takeaways:
Have a Facebook Account? Beware of this Ongoing Phishing Scam
A new phishing campaign launched against those with Facebook accounts has already been sent to more than 12,000 individual email addresses and targeted hundreds of organizations.
First observed on Dec. 20th, 2024, these ongoing attacks target account holders in the U.S. (45%) and Europe (45.5%), with a smaller percentage hitting Australian victims. Using an automated mailing service belonging to Salesforce as a marketing tool, the phishing emails are sent with a [email protected] return address for added authenticity. The emails themselves adopt a strategy of a false copyright infringement notification from Facebook: “It has been reported that your recent activity might be in violation of copyright laws.”
A threat actor who gains control over a Facebook admin account can also likely gain control over the associated business page, or an individual account can be used just as easily to alter content or manipulate messaging and change security settings to prevent the genuine user from regaining access. Mitigating such attacks is vital to protecting brand reputation, alongside preventing hackers from using hijacked accounts for further threat distribution and fraud.
To counteract this threat (and similar ones), it is advised that organizations:
- Set up alerts.
- Educate employees, clients, and customers on common phishing scams.
- Maintain an incident response plan.
Facebook, meanwhile, advised consumers not to click on links or open attachments from unknown sources, and to pay close attention to messages that contain urgent demands and ask for passwords, account details, or other personal information. “Scammers frequently use deceptive email addresses that closely resemble official support accounts, but they are not legitimate,” Facebook warned. “Emails about your Facebook account will always come from: fb.com, facebook.com, facebookmail.com, support.facebook.com.”
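As an added defensive example (not code from the newsletter or from Facebook), the check below applies Facebook's sender-domain list and the quoted lure wording to raw message headers and body, and also flags a bounce (Return-Path) domain that differs from the From domain, since the campaign relies on a third-party mailing service. The sample messages and every address in them are constructed placeholders, not indicators from the campaign.

```python
from email import message_from_string
from email.utils import parseaddr

# Domains Facebook says its account emails always come from (quoted in the item above).
FACEBOOK_DOMAINS = ("fb.com", "facebook.com", "facebookmail.com", "support.facebook.com")
LURE_PHRASES = ("violation of copyright", "copyright infringement")  # wording quoted above

def sender_domain(header_value):
    """Lowercase domain part of an address header, or '' when absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_facebook_domain(domain):
    """Exact or subdomain match only, so 'facebook.com.evil.example' fails."""
    return any(domain == d or domain.endswith("." + d) for d in FACEBOOK_DOMAINS)

def plain_text(msg):
    # Concatenate the text/plain parts of a single- or multi-part message.
    parts = msg.walk() if msg.is_multipart() else [msg]
    return " ".join(p.get_payload(decode=True).decode("utf-8", "replace")
                    for p in parts if p.get_content_type() == "text/plain")

def assess(raw_message):
    """Return the reasons a message matches the campaign pattern (empty list = no match)."""
    msg = message_from_string(raw_message)
    from_dom = sender_domain(msg.get("From"))
    return_dom = sender_domain(msg.get("Return-Path"))
    text = " ".join([msg.get("From", ""), msg.get("Subject", ""), plain_text(msg)]).lower()
    reasons = []
    if "facebook" in text and not is_facebook_domain(from_dom):
        reasons.append("brand impersonation: From domain %r is not a Facebook domain" % from_dom)
    if return_dom and return_dom != from_dom and not is_facebook_domain(return_dom):
        reasons.append("bounce address %r belongs to a third-party mailer" % return_dom)
    if any(phrase in text for phrase in LURE_PHRASES):
        reasons.append("copyright-infringement lure")
    return reasons

# Constructed samples; addresses are placeholders, not indicators from the campaign.
PHISH = """\
Return-Path: <bounces@bulk-mailer.example>
From: "Facebook Support" <support@facebook-help.example>
Subject: Copyright infringement notice

It has been reported that your recent activity might be in violation of copyright laws.
"""
LEGIT = """\
Return-Path: <security@facebookmail.com>
From: Facebook <security@facebookmail.com>
Subject: New login to your account

A new device logged in to your account.
"""
```

Run `assess(PHISH)` to see all three reasons fire, while `assess(LEGIT)` returns an empty list; in a mail gateway the bounce-domain check should be tuned, since some legitimate senders also use third-party mailers.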
Corporate Mutiny Cybersecurity Risks (and How to Handle Them)
83% of organizations reported having at least one insider attack in the past year, according to Cybersecurity Insiders’ 2024 Insider Threat Report. Even more alarming, the number of organizations facing between 11 and 20 insider attacks per year has surged fivefold, jumping from just 4% to 21% in 2024. 48% of respondents indicated that insider threats have become a bigger concern in the last 12 months.
Regarding financial costs, 32% of companies reported recovery costs in the range of $100,000 to $499,000, while 21% reported steeper costs, ranging from $1 million to $2 million.
When corporate cybersecurity mutiny occurs, the impact goes beyond just organizational morale—it can have serious cybersecurity consequences. Understanding the potential risks that come with discontent among employees is key to staying ahead of threats and protecting your organization:
- Operational Sabotage: Disgruntled IT administrators or employees could plant malicious code that activates long after departure. These attacks can cripple systems, causing delays, financial losses, or data breaches. Mutinous employees can also disrupt critical business operations while still employed at the company and then claim human error: for example, altering configurations, deleting key files, or shutting down essential services, resulting in downtime and significant recovery costs.
- Knowledge Silos and Power Plays: Concentrated knowledge within small groups can result in an imbalance of power. If these groups form coalitions, they can disrupt operations by withholding critical information or taking proprietary knowledge with them when they leave.
- Shadow IT and Security Workarounds: Employees bypassing established security protocols to maintain productivity often create unmonitored systems or applications. These unvetted tools increase an organization’s attack surface and complicate incident response.
- Leaking Sensitive Data: Employees involved in mutiny may intentionally leak sensitive information to competitors, media outlets, or cyber criminals. This not only damages the organization's reputation but can also lead to legal and compliance violations. Developers or insiders might also intentionally expose sensitive credentials in public forums, such as GitHub repositories or file-sharing services. This can provide attackers with direct access to critical systems and data.
- Transferring Digital Assets Outside of the Company: Mutinous employees may transfer control of domain names, proprietary software, or cloud assets outside the organization, leaving the company vulnerable to operational disruptions or extortion attempts.
- Disregard of Employee Awareness Programs: Employees who are disengaged from the company may skip assigned cybersecurity awareness programs and related training, or ignore their takeaways, putting the organization at higher cybersecurity risk.
Preventing corporate mutiny is largely about fostering a healthy, transparent, and supportive work environment that addresses employee concerns before they escalate into larger issues.
Strategies to achieve this include:
- Conduct Streamlined Offboarding: When an employee leaves the organization or is terminated, ensure that all passwords and access credentials are changed promptly. Timely offboarding helps mitigate the risk of retaliation or unauthorized access, reducing the potential for post-departure sabotage.
- Conduct Surveys to Monitor Staff Sentiment: Regular surveys provide employees with an anonymous platform to express concerns, suggestions, and dissatisfaction. This allows management to identify brewing issues and address them before they snowball into larger problems.
- Build Separation of Duties in IT Teams: To avoid too much power concentrated in one person or group, implement strict separation of duties. This ensures that no single individual can control critical processes or systems, reducing the risk of malicious actions.
- Monitor for Shadow IT: Shadow IT can introduce unvetted, unsecured technologies into your company’s ecosystem. Proactively monitor for unauthorized tools or applications that employees may use outside of official channels, as they can be exploited by those seeking to undermine security or operations.
- Streamline Communication and Workflow: Clear communication is crucial to avoid misunderstandings that can fuel discontent. Regular meetings, updates, and transparent decision-making processes help employees feel informed and included in the organizational goals.
- Monitor Policy Implementations: Ensure that security and operational policies are consistently enforced across all levels of the organization. Actively monitor for attempts to circumvent these policies, which could indicate disgruntlement or intentional non-compliance.
- Have Employees Sign Non-Disclosure Agreements (NDAs): NDAs offer legal leverage in cases where confidential or critical information is leaked. By classifying organizational data using Traffic Light Protocol (TLP), you can enhance the NDA’s protection, providing clarity on the sensitivity of specific information and the consequences of its exposure.
Recent Posts From Our Ethical Hackers
Every month, our ethical hackers work to provide free resources so that your team can continue improving your organization's security posture.
Here are just some of our recent posts: