Cheese Movers International’s restructuring resulted in some employees being unhappy with either their new role or the new management. And unhappy employees, especially those who know the system well and have access, can become major problems for companies.
Verizon’s RISK Team was called in because the multinational company had heard rumblings among the disgruntled employees and found some negative comments online. While there was no evidence of a data breach, Cheese Movers' upper management was concerned something was coming.
This is just one case found in Verizon’s recently released annual breach report, which examines some of the cases where the RISK Team was called in to hunt down culprits. The “ride-along edition” of Verizon’s report provides a first-person perspective of the company that calls in the heavy hitters to find out why the network has slowed, who defaced a website or where a leak is coming from. In all the accounts, the names of the companies have been changed to protect the brands from public ridicule.
The RISK Team performs cybersecurity investigations for hundreds of commercial enterprises and government agencies annually across the globe. Over the previous three years, they conducted over 1,400 engagements for their customers. Here are a few of their reports:
Not moving on
Cheese Movers International (CMI) had drawn the attention of more than one group of hacktivists who had posted messages on their social media accounts referencing the company's organizational changes. Various derogatory hashtags on social media were popping up and threats against executives were being posted to social networking sites, according to Verizon’s report.
CMI’s precarious situation was exacerbated by the risk of an insider or recently terminated employee using their advanced knowledge of the organization to perpetrate an attack or to leak information to would-be attackers.
Verizon initially provided CMI with assistance and guidance in collating and reviewing open-source intelligence; this included searching social networks and online forums as well as specialized investigative activities within the darknet. They set up a secure anonymous account, which enabled Verizon’s crew to search through marketplaces and other locations on the darknet to see what the hacktivists were discussing in relation to CMI. These activities identified many threats and negative statements. And although most of the discussions were not considered genuine threats, the home address and personal details of executives were being actively sought by suspicious parties, Verizon reported.
The breach of personal information associated with senior executives was identified early enough that it could be reported to law enforcement. This was just the first of multiple threats and attacks experienced over the course of the next three weeks. Distributed denial of service (DDoS) attacks were attempted against many of the company’s websites (the majority of which were thwarted by the DDoS protection capability that CMI had put in place).