Ransomware hackers, ever on the hunt for rich pickings, are trying an old yet devilishly ingenious trick: the inside job.
TechRadar reports that a fair number of large-scale IT enterprises in North America have been reporting more instances of their own employees being offered bribes, all in order to make their digital infrastructure easier to breach for hackers.
The claim comes from a report from Hitachi ID, which surveyed 100 such companies last year. According to their findings, there was a 17% increase in the number of employees bribed with money, which often comes in cryptocurrency such as Bitcoin.
This increase, as per the survey, has been reported on the climb since November 2021. But things grew worse during the year-end and the beginning of 2022. 65% of the companies surveyed said these hackers approached their employees between December 7, 2021, and Jan. 4 of this year.
You can check out the report in its entirety on Hitachi ID, where there are even more interesting-yet alarming bits of information.
It was revealed that the employees (sometimes even top-level executives) were contacted through email (59% of the respondents). 27% said they were contacted via a phone call, and 21% claimed they were approached via a request on their social media accounts.
Fortunately, Hitachi ID discovered that at least over half of the surveyed organizations (53%) said they were prepared for external and internal cybersecurity threats. Only a tiny 3% said they weren't concerned about either of them, while a modest 36% said they were warier of external threats.
Cybersecurity breaches have been quite rampant during the past few months. For instance, the Log4j attacks of 2021 basically scared the entire digital world during the tail end of last year. Now, it seems like ransomware hackers are becoming even bolder-no longer relying on the same old subtle tricks.
Read also : REvil Hacker Hides Out in Siberia, Wanted by the FBI for Ransomware but Remains Uncaught
Ransomware Hackers Going Old School
The main thing about breaking into a company's servers for potential financial gain is simple: do it subtly, without garnering as much attention as possible. At times, these cybercriminals can get in and out digitally, all with watchful eyes none the wiser.
However, it still is far easier to have these "watchful eyes" on your side. Using a company's own employees to get around its digital defenses, whether voluntarily or not, is one of the oldest tricks in the book. And this is evidenced by several notable hacking cases in recent memory.
One such example is the EA data breach, which saw hackers steal 780 GB of data by using the Slack channel that the company's employees use. They reportedly bought some stolen website cookies, used the said cookies to worm into the Slack channel, then basically fooled the in-house IT people by posing as employees.
But this time, the hackers resorted to just bribing the employees for an inside job-a crude yet still deviously effective tactic.
This article is owned by Tech Times
Written by RJ Pierce