If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake-up call
The security giant has confirmed an insider threat incident but says systems weren't compromised
CrowdStrike has admitted that an insider took screenshots of its systems and shared them with hackers, and experts say it should serve as a wake-up call for enterprises that are slacking on this growing attack method.
The admission by the company follows initial reports from BleepingComputer, which noted that screenshots had been shared via Telegram by the Scattered Lapsus$ Hunters threat group.
The hackers behind the scheme told the publication they’d paid the insider a fee of $25,000 for their involvement.
The shared data included authentication details, which CrowdStrike had already locked down after detecting the insider's activity. The hackers were also seeking CrowdStrike's reports on the threat groups they were affiliated with.
While CrowdStrike admitted the incident took place, a spokesperson for the company told ITPro that no systems were breached and customer data remains secure.
"We identified and terminated a suspicious insider last month following an internal investigation that determined he shared pictures of his computer screen externally," the spokesperson said.
"Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies."
Chris Linnell, associate director of data privacy at Bridewell, said the incident highlights how difficult insider threats are to protect against.
Insiders already possess legitimate credentials and an innate knowledge of internal systems, meaning they’re able to bypass security controls undetected and wreak havoc.
"Malicious insider activity represents one of the most costly and challenging cybersecurity threats for organizations," he said.
"Unlike external attacks, these incidents exploit trust and authorized access, making detection and remediation far more complex."
Don't get caught by insider threats
Insider threats have become a recurring talking point in recent years, with security industry stakeholders warning about a sharp increase in these incidents.
Arctic Wolf's 2024 State of Cybersecurity report, for example, showed that 61% of organizations had spotted insider threats in the previous year — with 29% of those leading to a leak.
A similar report from Exabeam earlier this year revealed that two-thirds of European security professionals now see insider threats as a bigger risk than external threat actors.
There's a full spectrum of insider risks, Linnell said, ranging from inadvertent mistakes to deliberate acts of theft or sabotage, which we know can cause havoc for businesses.
In September, ITPro reported that fintech FinWise warned customers their data may have been leaked after an insider attack by a former employee.
Back in March, a "disgruntled" employee was convicted of "causing intentional damage to protected computers" after deploying a so-called "kill switch" on his former employer's networks.
High-profile incidents such as these should serve as a warning. However, Linnell noted that despite repeated warnings, many enterprises still disregard the threats they face.
"Recent cases highlight how motivated insiders can compromise sensitive data or systems, sometimes under pressure from organized crime or state-sponsored groups," he said.
"Despite this growing threat, many organizations still lack formal insider threat programmes and only identify issues after harm has occurred."
How to address insider threats
To mitigate the risk, Linnell recommended a layered approach combining technical measures such as behavioral analytics to watch for anomalies alongside data loss prevention tools to monitor sensitive data and network activity.
"Organizations should enforce strong access controls, including the Principle of Least Privilege, multi-factor authentication (MFA), and regular access reviews," Linnell added.
"Advanced measures like dynamic watermarking and screen capture blocking can deter and trace leaks, while adaptive protection technologies can automatically revoke access when abnormal behaviour is detected.
"Insider risk is not a problem that can be solved with a single tool — it requires a holistic, proactive strategy to protect sensitive data and maintain trust."
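To make the layered approach concrete, here is an added example (not CrowdStrike's or Bridewell's code) that runs simple behavioral analytics over constructed access-log events, applies an adaptive-protection rule that revokes access when anomalies cross a threshold, and performs the kind of access review that supports least privilege. The event data, entitlement groups, thresholds and business hours are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access events (user, ISO timestamp, resource, action); not real logs.
EVENTS = [
    ("alice", "2025-10-06T09:12:00", "threat-report-114", "read"),
    ("alice", "2025-10-06T10:40:00", "threat-report-118", "read"),
    ("bob", "2025-10-06T14:05:00", "invoice-5531", "read"),
] + [
    ("mallory", f"2025-10-07T02:{5 * i:02d}:00", f"threat-report-{200 + i}", "read")
    for i in range(6)
]
# Assumed entitlement groups per user and the resource prefix each group covers.
ENTITLEMENTS = {"alice": {"threat-reports", "billing"}, "bob": {"billing"}, "mallory": {"threat-reports"}}
RESOURCE_GROUPS = {"threat-report-": "threat-reports", "invoice-": "billing"}
BUSINESS_HOURS = range(8, 19)
SENSITIVE_READS_PER_HOUR = 5  # assumed burst threshold for sensitive reads

def group_of(resource):
    return next((g for p, g in RESOURCE_GROUPS.items() if resource.startswith(p)), None)

def score_events(events):
    """Behavioral analytics: flag off-hours access and bursts of sensitive reads per user."""
    findings, per_hour = defaultdict(list), defaultdict(int)
    for user, ts, resource, action in events:
        t = datetime.fromisoformat(ts)
        if t.hour not in BUSINESS_HOURS:
            findings[user].append(f"off-hours {action} of {resource} at {ts}")
        if group_of(resource) == "threat-reports" and action == "read":
            key = (user, ts[:13])  # bucket by calendar hour
            per_hour[key] += 1
            if per_hour[key] == SENSITIVE_READS_PER_HOUR + 1:  # report each burst once
                findings[user].append(f"burst of sensitive reads in hour {key[1]}")
    return dict(findings)

def decide_revocations(findings, off_hours_limit=3):
    """Adaptive protection: revoke when a burst occurs or off-hours events pile up."""
    revoked = set()
    for user, items in findings.items():
        bursts = sum(f.startswith("burst") for f in items)
        off_hours = sum(f.startswith("off-hours") for f in items)
        if bursts or off_hours >= off_hours_limit:
            revoked.add(user)
    return revoked

def stale_entitlements(entitlements, events):
    """Access review: entitlements never exercised in the log window are removal candidates."""
    used = defaultdict(set)
    for user, _, resource, _ in events:
        used[user].add(group_of(resource))
    return {u: e - used[u] for u, e in entitlements.items() if e - used[u]}
```

Running `score_events(EVENTS)` flags only mallory (six off-hours reads plus one burst), `decide_revocations` then revokes that account, and `stale_entitlements` reports alice's unused "billing" entitlement for review.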
But it's not all about tech, he noted. Companies need to manage their people via clear policies with consequences, background checks during recruitment, and rescreening for high-risk roles.
Background checks and rescreening are a particular area of importance given the rise of fake IT workers. A host of businesses globally have been impacted by these types of attacks, which have become a hallmark of North Korean state-sponsored cyber crime activities.
These attacks typically involve state-linked individuals securing IT roles at companies, after which they begin extracting sensitive corporate data or infecting systems with malware.
The growing number of attacks has prompted advisories from law enforcement and big tech companies such as Google, which earlier this year warned hackers are targeting enterprises in both the United States and Europe.
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole is the author of a book about the history of technology, The Long History of the Future.

