Hostile foreign states are behind a surge in malicious insider breaches, driving IP theft and industrial espionage to an all-time high, according to DTEX. The insider threat specialist analyzed over 1300 investigations across its global customer base to compile the 2024 i3 Insider Risk Investigations Report - Foreign Interference.
It claimed to have recorded a 70% increase in customers seeking help to protect against foreign interference since 2022, with the biggest uplift in numbers coming from the public sector and critical infrastructure organizations.
While the majority of IP theft incidents involved data exfiltration of some form, techniques varied based on the controls that customer organizations had in place.
In some cases, the suspect was observed testing these controls with innocuous data, to see if it passed through without being flagged.
Malicious insiders conspiring with nation states also go to greater lengths not to trigger an alert when bypassing security controls, the report noted.
It cited the recent case of Linwei Ding, a former Google engineer who was charged with stealing IP from the tech giant.
He allegedly copied data from Google source files into Apple Notes on his corporate MacBook, and then converted them into PDFs and uploaded them to a separate personal cloud account, in order to bypass the firm's data loss prevention checks.
DTEX claimed 64% of its malicious IP theft investigations also featured some form of sophisticated data preparation, aggregation and/or conversion.
Many included the conversion of data into some form of image or PDF. Perhaps unsurprisingly, the majority also attempted to conceal their activity by using private browsers, VPNs, mobile hotspots, burner emails and encrypted messaging accounts.
Some 95% even managed to avoid using ATT&CK techniques in order to stay hidden.
DTEX claimed that, overall, 15% of employees take sensitive data with them when they leave an organization, while 76% take non-sensitive information.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 09 Apr 2024 14:40:04 +0000