Two former workers at cybersecurity firms have been indicted for hacking offences in the United States.
Kevin Tyler Martin, Ryan Clifford Goldberg, and another unnamed co-conspirator are accused of hacking the networks of a medical device company, a pharmaceutical company, a doctor's office, an engineering company, and a drone manufacturer.
The campaign of attacks was carried out between May and November 2023, with the trio alleged to have used ALPHV, also known as BlackCat, ransomware.
They demanded a $10 million ransom from the medical device maker, ultimately receiving around $1.27 million - their only successful attack. Other ransom demands ranged from $300,000 to $5 million.
According to the Chicago Sun-Times, Martin was a ransomware threat negotiator for incident response firm DigitalMint, along with a suspected accomplice who wasn’t indicted. Goldberg, meanwhile, was an incident response manager for Sygnia Cybersecurity Services.
An FBI affidavit shows Goldberg told agents he took part in the scheme to try and get out of debt. If convicted, he and Martin each face up to 50 years in federal prison. There's no suggestion that either DigitalMint or Sygnia was involved.
Cyber pros turning rogue is a real threat
Jamie Akhtar, CEO and co-founder of CyberSmart, said that while insider threats are a well known risk across all sectors, this case highlights a risk – albeit rate – that’s difficult to guard against.
Employees in tech and security roles are often highly skilled and trusted with privileged access – a dangerous combination if oversight and support are lacking.
"This incident is one of the most unusual we’ve seen, not least because the accused allegedly directed their actions outward, rather than at their own employer," Akhtar said.
"Even within cybersecurity vendors, not everyone has pure intentions. Just because an organization specializes in defence doesn’t mean it’s immune from becoming a source of risk," he added.
"Financial pressure, stress or personal grievances can all push individuals toward actions they might never have considered before. Prevention means not just monitoring systems, but also understanding and supporting the people who use them. Trust is essential, but it must always be verified."
New research this week from Cybersecurity Insiders and Cogility found that 93% of security leaders saw insider threats as harder to detect than external cyberattacks.
Only 23% expressed strong confidence in stopping them before serious damage occurs. Only 12% said they had mature predictive risk models.
“Without context like financial stress or behavioral shifts, security teams are watching shadows on the wall while the real danger moves unchecked," warned Holger Schulze, founder of Cybersecurity Insiders.
"If organizations fail to evolve, they’ll be reading about their data on the dark web before they ever see it in their logs.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
What is a tensor processing unit (TPU)?Explainer Google's in-house AI chips are the most notable alternative to Nvidia at the enterprise scale
-
Cyber Security and Resilience Bill: Security experts question practicality, scope of new legislationNews The new legislation aims to shore up critical infrastructure defenses, but questions remain over compliance and scope
-
Laid off Intel engineer accused of stealing 18,000 files on the way outNews Intel wants the files back, so it's filed a lawsuit claiming $250,000 in damages
-
GitHub is awash with leaked AI company secrets – API keys, tokens, and credentials were all found out in the openNews Wiz research suggests AI leaders need to clean up their act when it comes to secrets leaking
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
-
CISA issues alert after botched Windows Server patch exposes critical flawNews A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix'
