Insider threats are the biggest security risk for organizations because they can cause the most destruction. From taking advantage of privileged access to stealing company data – sometimes the biggest and worst threats to a company’s security program is right under its nose. September is Insider Threat Awareness Month and we are sharing famous insider threat cases to expose the serious risk of insider cyber attacks.
Target Data Breach Affects 41 Million Consumers (2013)
More than 41 million of the retail giant’s customer payment card accounts were breached in 2013. Hackers gained access to Target’s computer systems through stolen credentials from a third-party vendor. Four years later, Target agreed to pay $18.5 million in a multi-state settlement – the largest ever (up until that date) for a data breach.
In this famous insider threat case, the attackers gained access to Target’s customer service database and installed malware on the system. Hackers collected sensitive data like full names, phone numbers, email addresses, payment card numbers, credit card verification codes, and other customer data.
Capital One Data Breach Carried Out by a Single Insider (2019)
She was a former software engineer for Amazon Web Services, a cloud hosting company that Capital One was using. Taking advantage of a misconfigured web application firewall, the hacker accessed more than 100 million customers’ accounts and credit card applications. The company has since fixed the vulnerability and stated that “no credit card account numbers or log-in credentials were compromised”.
This famous insider threat case is particularly interesting because the hacker wasn’t concerned about hiding her identity. She shared her method of hacking into Capital One with colleagues on a chat service called Slack. Additionally, she posted the information on GitHub (using her full name) and bragged on social media about it too. This kind of behavior is a phenomenon psychologists call “leakage” where insiders who plot to do damage reveal their plans.
The hacker was arrested and charged with one count of computer fraud and abuse. Capital One expects the breach to cost up to $150 million.
Disgruntled Employee at Tesla Changes Code, Exfiltrates Data (2018)
Certainly, this insider threat case could have been avoided. But the electric car company neglected to put limits on the level of privileged access given to employees. It draws attention to the importance of having a security program that monitors user behavior to detect and prevent security incidents.
According to Tesla CEO Elon Musk, the saboteur used his insider access to make “direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.”
Anthem’s Account Compromise Breach of Personally Identifiable Information (2015)
A phishing email gave hackers administrative access to a major health insurance company’s database. As a result, the exposing of 78.8 million records of personal identification information. Records stolen contained medical ID’s, social security numbers, addresses, employment history, income data, etc. They were sold on the dark web. The hackers had administrative access for over a month.
The breach was discovered by a database administrator who noticed a suspicious database query running using his credentials. Then, he found out other credentials had been compromised.
The hackers sent employees phishing emails containing links to malware. Once clicked, the malware was installed, thus giving the hackers a backdoor to the database. They were able to access it remotely from their command and control server.
In 2017, Anthem agreed to pay $115 million to settle a class action lawsuit over the data beach. (Triumphing over the $18.5 million Target agreed to pay after being breached in 2013. Hackers gained access to 41 million customer payment card accounts).
What Can We Learn from these Famous Insider Threat Cases?
In short, a weak insider threat program can have devastating consequences. That’s why we emphasize the importance of having a reliable threat detection platform, like Gurucul User and Entity Behavior Analytics, to monitor your organization’s internal activities. Our powerful UEBA product leverages machine learning on open choice big data to predict unknown threats.
“Even progressive companies that can afford the best cyber-security protection can be taken down by one malicious insider,” says Gurucul CEO Saryu Nayyar.
Does your organization want to end up on the list of famous insider threat cases? We didn’t think so. Contact us today and learn why so many companies choose Gurucul for their insider threat detection needs.