Cybersecurity

Hackers Bribing Employees, Vendors to Deploy Ransomware

With ransomware attacks up by more than 150% in the first half of 2021, there seems to be no limit to the methods criminal hackers will use to deploy ransomware or otherwise cause cyber mayhem. Their latest trick: hiring your employees and vendors to help them.

Employees Tempted with a Cut of the Haul

Hackers have been known to send phishing e-mails with malicious attachments, deviously infiltrate remote desktops, and exploit any other security weaknesses they can find to gain access to your network. Additionally, what’s to stop them from simply bribing your employees or vendors to help them deploy ransomware? Nothing.

In a recent post, Crane Hassold, director of threat intelligence at Abnormal Security, explained the employee-assisted method of cyberattack in captivating detail. His team members intercepted and blocked e-mails from a fraudster who solicited their client’s employees for assistance in installing ransomware into their employers’ networks in exchange for a percentage of the ransom.

The fraudster admitted using publicly available contact information, such as that found on LinkedIn, to identify employees to target for the scheme and tried to assuage any concerns the individuals might have about getting caught with misleading or incorrect information.

What Employers Can Do

So, how do you prepare your organization for an employee-assisted cyberattack? Along with maintaining best-practice technical, physical, and administrative safeguards, educating your employees is key. Criminals try to stay a step ahead by creating new and devious way to target your staff by relying on social engineering techniques.

With respect to schemes aimed at using your employees as criminal accomplices, you can remove the intrigue and mystery underlying the tactics by explaining (1) the basics of post-incident forensic investigations and (2) of course the legal consequences of engaging in criminal activity. Likewise, “flowing down” (or imparting) minimum educational and other cybersecurity safeguards to vendors that have privileged access to your networks, systems, or devices is also a key method of mitigating the risk.

Kelly Campbell and Howard R. Feldman are attorneys with Whiteford, Taylor & Preston, L.L.P., in Baltimore, Maryland. You can reach them at kcampbell@wtplaw.com or hfeldman@wtplaw.com.