
Next Generation of Insider Threats

September 26, 2019

Overview

Sophisticated cybercrime does not originate from the outside world alone. There are threat actors within your environment too, and they are becoming increasingly tech-savvy. Beyond basic internal threats and deliberate attacks by disgruntled employees, tech-savvy employees pose a greater security risk.

Insiders in fact have many advantages over outside attackers.

How Do Insiders Evade Detection?

Using the following techniques, insiders can inflict serious damage on an organization without raising alarms.

  • Insiders do not need to conduct reconnaissance before launching an attack. They therefore sidestep the chance of being detected by the IT security team during reconnaissance.
  • They also have the advantage of knowledge. They know where the treasure is, so they do not have to conduct messy searches of the network and file systems to locate confidential information or the credit card details of targeted employees.
  • Another advantage insiders enjoy is that they do not have to introduce detectable malware into the environment. They can access systems without fetching external malware or contacting remote C2 servers, both of which could be detected by the security controls in place.
  • Insiders can disperse their activity across multiple shadow accounts, either fake or borrowed legitimate accounts, to stay below the threshold limits set on automated detectors and so avoid raising suspicion.
  • Insiders can also take as much time as they need to persistently locate key sellable corporate information. They can then access this shortlisted information and steal or sell it without raising an eyebrow.

Hence, insiders avoid the three things that usually give an attacker away: noisy reconnaissance, malware, and hyperactivity.

Special Privileges and Stealthy Internal Hacking

Usually, employees are given more privileges than their jobs require, simply for convenience. On top of these excessive privileges, internal access controls are often misconfigured, making the corporation's secret and confidential information accessible to employees. Neglecting loopholes in the configuration of internal access controls is a bigger mistake than most executives consider it to be.

Since insider threats are on the rise, information must be secured not only from outsiders but also from insiders whose jobs have nothing to do with that information.

By acquiring admin-level privileges, an insider can hack the organization from within and stay stealthy. Edward Snowden's elevation of system privileges is an example: he used it to craft special digital keys that disguised his activity, so that when he accessed confidential information it appeared as if another user was accessing it. He went as far as deleting system logs to avoid leaving trails and used encryption software so that security-monitoring systems could not detect the data theft.

Exploitation of Privileges

  • Excessive permissions given to employees with specialized duties can be exploited: networking staff appointed for traffic analysis, or database administrators who access data for backups, can exfiltrate the information available to them.
  • Oftentimes, executives will not bother to define custom privileges for employees and will grant Domain Admin access instead, giving those employees super-user status.
  • Insiders can also exploit peer relationships to obtain the passwords or access given to these special users.
  • These special users, such as database admins and networking staff, may also use easy-to-guess passwords (sometimes as basic as ‘John1234’) to avoid forgetting them, and other employees can guess them.
  • A Verizon Data Breach Investigations Report stated that 15% of all breaches involved “malicious or inappropriate use of existing privileges.”

How to Defend Against the Insider Threat

Organizations increasingly need to reduce the cyber risk posed by insiders.

  • The first step is to identify exploitable information, locate it, and limit access to it to the fewest people possible. Many organizations fail at this first step and make sensitive data available to every employee in the organization.
  • Implement custom privileges suited to each employee’s job requirements. For employees doing administrative work, use a least-privileged admin model: “local admin” accounts can be created so that administrative privileges are granted only on selected machines.
  • Analyze behavioral profiles of user accounts to identify sneaky behavior. Intrusion prevention systems may not detect these behavioral anomalies, but software is available that works on behavioral threat models.
  • Behavioral threat models can detect targeted noisy behavior. For example, if massive encryption is carried out using a user’s account, immediate alerts are sent to the IT staff to suspend that account, which is potentially running ransomware.
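As an added illustration of the behavioral threat model in the last two bullets, and of the shadow-account dispersion technique from the evasion section, here is a small Python detector that is not from the original post. It profiles how many distinct files each account, and each host, touches within a time window; the audit events, window size and thresholds are all constructed assumptions.

```python
from collections import defaultdict

WINDOW = 10       # minutes per profiling bucket (assumed)
USER_LIMIT = 40   # distinct files per account per window before alerting (assumed)
HOST_LIMIT = 40   # distinct files per host per window, summed over accounts (assumed)

# Constructed sample file-audit events: (minute, user, host, action, path).
# "alice" is a normal user, "jdoe" shows a ransomware-style burst, and
# "svc1".."svc3" each stay under USER_LIMIT but share one workstation,
# the shadow-account pattern described in the post.
EVENTS = []
for i in range(3):
    EVENTS.append((i * 3, "alice", "ws-01", "WRITE", f"/share/fin/q{i}.xlsx"))
for i in range(60):
    EVENTS.append((i // 30, "jdoe", "ws-07", "WRITE", f"/share/hr/doc{i}.docx.locked"))
for n in range(1, 4):
    for i in range(15):
        EVENTS.append((i % 5, f"svc{n}", "ws-12", "READ", f"/share/legal/case{n}_{i}.pdf"))


def profile(events, window=WINDOW):
    """Distinct files per (account, bucket) and per (host, bucket), plus the
    accounts seen on each host in that bucket, where bucket = minute // window."""
    per_user, per_host, host_users = defaultdict(set), defaultdict(set), defaultdict(set)
    for minute, user, host, _action, path in events:
        b = minute // window
        per_user[(user, b)].add(path)
        per_host[(host, b)].add(path)
        host_users[(host, b)].add(user)
    return per_user, per_host, host_users


def detect(events, user_limit=USER_LIMIT, host_limit=HOST_LIMIT):
    """Return (rule, subject, count) alerts: one per account that exceeds its
    own limit, and one per host whose combined activity across several
    under-threshold accounts exceeds the host limit."""
    per_user, per_host, host_users = profile(events)
    alerts = []
    for (user, _b), files in per_user.items():
        if len(files) > user_limit:
            alerts.append(("mass-file-activity", user, len(files)))
    for (host, b), files in per_host.items():
        users = host_users[(host, b)]
        already_flagged = any(len(per_user[(u, b)]) > user_limit for u in users)
        if len(files) > host_limit and len(users) > 1 and not already_flagged:
            alerts.append(("dispersed-activity", host, len(files)))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The second pass is what defeats the per-account thresholds the post says insiders stay beneath: aggregating by host (or by session, source address, or share) makes the dispersed total visible again.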

In the end, it’s not easy to spot next-generation insiders. Begin with the knowledge that insider threats are already present and already know the key assets and the location of sensitive data. Take immediate action to limit access to key assets, tailor users’ privileges to their job requirements, monitor and analyze behavior, and always have someone ready to respond immediately to the alerts generated by behavioral threat models.

COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.