Centrify CEO Tom Kemp reveals his own 'CEO Fraud' experience of social engineering aiming to scam his company's cash.
I have been seeing an increasing number of articles on sites like Krebs on Security on a growing scam called “CEO fraud,” whereby crooks are using social engineering to get executives to wire funds to the crooks. One recent example was tech company Ubiquiti Networks, which was swindled out of $47 million. Another example is an Atlanta company that was scammed out of $1.8 million. The scam is also known as “business email compromise” (BEC), and the FBI reports that over 7,000 victims have lost $750 million in the last 2 years and that this form of swindling has grown over 270% since the first of this year.
As CEO of Centrify, I find it very interesting to read about this crime, as my company and I now regularly experience various forms of sophisticated attempts to get us to transfer money to crooks. Hopefully by using myself and this blog post as a case study for what the bad guys are doing, I can help others to not fall victim to this crime.
TPG appears to have dumped one of the longest-standing public faces associated with national broadband provider Internode and its parent iiNet, with South Australia-based technology public relations agent John Harris becoming the latest individual to part ways with the group following the TPG acquisition.
Harris is the managing director of South Australian-based Impress Media. The company was hired by Internode around the year 2000 when the fellow South Australian company started deploying its broadband network around Australia, installing ADSL equipment in Telstra exchanges and expanding beyond its Adelaide roots.
Read Renai's full report and analysis at http://delimiter.com.au/2015/09/02/tpg-dumps-internode-pr-after-15-years/
The Ashley Madison hack is a wakeup call not only for many individuals but for every single business, as well — many of which are still not paying enough attention to data security.
The hack, which revealed the email addresses, personal information and sexual preferences of the site’s 36 million users, is devastating on many levels.
For starters, Ashley Madison — whose slogan is “Life is short. Have an affair.” — will likely be the first high-profile company ever to go out of business as a direct result of a cyber attack.
After all, it’s hard to see Ashley Madison regaining the trust of its customers, much less surviving the wave of legal action that’s now building. Two Canadian law firms were the first to file, with a $578 million class-action lawsuit in late August.
On the customer end, the impact on many families has already been devastating. Site users are getting divorced, children are being teased, jobs and livelihoods are in jeopardy. Police in Toronto say they have unconfirmed reports of two people who committed suicide linked to the leak of Ashley Madison account information.
It now seems likely that the perpetrator of the hack was an insider, probably a third-party contractor. The CEO of Ashley Madison has suggested that he knows who it is.
The hacker was able to get into every system and extract massive amounts of information, including the CEO’s emails, the customer database, source code to the website — everything. If indeed the culprit was a contractor, the company failed in a fundamental way to limit that person’s access to sensitive data.
To me, this hack comes down to poor privilege-management practices that granted the hacker far too much access. And it’s not just Ashley Madison.
Many recent hacks can be blamed on privileged accounts that give the bad guys the proverbial keys to the kingdom via root access. In fact, Verizon’s 2015 Data Breach Investigations Report shows that the most vulnerable point in any organisation is privileged identities that have root, admin or read/write access privileges to critical infrastructure, apps and data.
These privileged identities are necessary — users like database administrators and CIOs do need extensive access to computers, networks and applications — but privileged identities come with risk. Ashley Madison is just the latest and most sensational example of that risk’s enormity.
Large organisations have so many privileged accounts that many of them don’t even know where all of those accounts reside or who has access to them.
And it’s not just IT people with privileged access anymore. Nowadays, many of the regular folks in the enterprise are granted privileged access — marketing, for example. If marketing people want to update the corporate Twitter or Facebook account, they don’t call IT to do it, they just do it themselves — and the door opens wider.
This is how pro-ISIS cyber vandals hijacked the social media accounts of the U.S. military.
So, how can companies protect themselves from hackers, including malicious insiders, who can wreak havoc via privileged accounts? First, they must be smart.
One of the most important steps they can take is to adopt the principle of least privilege. Limit access to the minimum level necessary for normal functioning. IT should assume that networks will be breached and bad guys will get in. But when they do get in, IT can contain and minimise the damage if it has implemented the practice of least privilege.
Least privilege means giving people only the degree of privilege they absolutely need and access to the data they absolutely must have. It means auditing activity, especially on the most sensitive systems, looking for suspicious behaviour, and generating alerts if something out of the ordinary is happening. It also means implementing two-factor authentication to verify that people really are who they say they are.
The good news is that organisations are waking up to the threats posed by privileged user accounts.
In the aftermath of breaches like Ashley Madison, there is a growing recognition that almost every cyber attack these days involves some kind of compromised credential and privilege escalation.
Once a hacker or malicious insider gets their hands on a vulnerable credential, they have the means to launch a large-scale attack. By putting in place systems that can secure identities and monitor privileged access, companies can better shield themselves from cyber attacks once and for all.
About Tom Kemp
Tom Kemp is co-founder and CEO of Centrify Corporation, a software and cloud security provider that delivers solutions that centrally control, secure and audit access to on-premise and cloud-based systems, applications and devices for both end and privileged users. Under his leadership, Centrify has become one of the fastest-growing security vendors in the industry, named one of the hottest enterprise cloud companies by a number of respected industry analysts and publications, and has amassed more than 5,000 customers including more than 50 per cent of the Fortune 50. Reach him @ThomasRKemp.