CyberSecurityBoard
Sponsor Register Login

Former Ubiquiti Employee Pleads Guilty to Data Extortion and Insider Attack

A former employee of the technology company Ubiquiti, Nickolas Sharp, pleaded guilty on Thursday in a Manhattan federal courtroom on charges related to perpetrating an audacious insider attack on his employer. Sharp, 37, was a senior software engineer at the New York-based company, which specializes in wireless communications. He abused his administrative access and downloaded gigabytes of confidential data from the company's Amazon Web Services and GitHub servers. He then demanded a ransom of about $1.9 million in bitcoin in exchange for the stolen files and information about a purported insecure Backdoor in the system. Sharp pleaded guilty to one count of transmitting a program to a protected computer that intentionally caused damage; one count of wire fraud; and one count of making false statements to the FBI. Together, the charges carry a maximum sentence of 35 years, which will be decided by a judge in May. After the company discovered the breach, Sharp was assigned to the team working to investigate and remediate the incident. He then posed as an anonymous hacker and sent a ransom note. When his demands were not met, he retaliated by causing false news stories to be published about the company. Following the coverage, Ubiquiti's stock plummeted, losing $4 billion in market capitalization over a two-day span. The journalist Brian Krebs, who quoted Sharp anonymously on his site Krebs on Security, was ultimately sued by Ubiquiti for his coverage.

This Cyber News was published on therecord.media. Publication date: Thu, 02 Feb 2023 21:04:02 +0000


Cyber News related to Former Ubiquiti Employee Pleads Guilty to Data Extortion and Insider Attack

Ex-Ubiquiti Programmer Admits to Attempting to Blackmail Company - Nickolas Sharp, a former employee of Ubiquiti, a networking device maker, pleaded guilty today to stealing a large amount of data from the company's network and attempting to extort them while pretending to be an anonymous hacker and whistleblower. ...
1 year ago Bleepingcomputer.com
Enhancing Organisational Security: A Comprehensive Guide to Insider Risk Management Courses - In a world increasingly aware of internal security threats, the necessity for comprehensive insider risk management courses has never been more crucial. Astonishingly, up to 90% of organisations acknowledge their vulnerability to insider attacks, ...
9 months ago Securityboulevard.com
Identifying Insider Threats: Addressing the Top Five Insider Threat Indicators - Cybersecurity teams work extensively to keep external attackers out of their organization's IT environment, but insider threats present a different, equally as difficult, challenge. Identifying insider threats is growing increasingly complex, and, as ...
11 months ago Cybersecurity-insiders.com
How to Identify & Monitor Insider Threat Indicators [A Guide] - Most security protocols look outward when looking for cybersecurity threats. Our recent study found that 42% of exposed credentials came from an insider threat-former employees whose credentials were still active, employee error, or a malicious ...
7 months ago Securityboulevard.com
Key Takeaways from the Gartner® Market Guide for Insider Risk Management - Insider risk incidents are on the rise and becoming more costly to contain. As a result, earlier this year, Gartner predicted that 50% of all medium to large enterprises would adopt insider risk programs. The report reveals several key findings about ...
10 months ago Securityboulevard.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
ExUbiquiti Staff Member Admits to Pretending to be a Cybercriminal - Nickolas Sharp, a former employee of Ubiquiti, has confessed in court to misusing his company-provided credentials to steal data and then attempting to extort the company. Sharp, 37, of Portland, Oregon, was a senior developer at the New York ...
1 year ago Securityweek.com
Former Ubiquiti Employee Pleads Guilty to Data Extortion and Insider Attack - A former employee of the technology company Ubiquiti, Nickolas Sharp, pleaded guilty on Thursday in a Manhattan federal courtroom on charges related to perpetrating an audacious insider attack on his employer. Sharp, 37, was a senior software ...
1 year ago Therecord.media
Ubiquiti users report having access to others' UniFi routers, cameras - Since yesterday, users of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's UniFi cloud services. Ubiquiti is a popular networking device ...
10 months ago Bleepingcomputer.com
DTEX Systems Appoints Mandiant Global CTO Marshall Heilman As CEO - PRESS RELEASE. SAN JOSE, Calif.- December 5, 2023 - DTEX Systems, the global leader for insider risk management, today announced the appointment of Marshall Heilman as CEO. In this role, Heilman will drive its mission to proactively protect global ...
11 months ago Darkreading.com
Former Ubiquiti Employee Admits to Stealing Data Extortion and Slander Campaign - Nickolas Sharp, a 37-year-old former software engineer from Portland, Oregon, who worked at Ubiquiti Networks, has admitted to stealing large amounts of data from the company, attempting to extort millions of dollars, and damaging the company's ...
1 year ago Bitdefender.com
Cracking the Code: The Role of AI and UBA in Mitigating Insider Threats to Businesses - Automating mundane tasks and driving data-driven decisions, big data enables businesses to make better decisions and drive transformation. The use of AI has been shown as an effective way of streamlining operations and enhancing security measures, ...
10 months ago Cysecurity.news
Unraveling the Aftermath of Verizon's Insider Data Breach Impacting 63,000 Employees - In the fast-paced world of digital connectivity, data breaches have become an unfortunate reality that businesses must constantly guard against. Recently, telecommunications giant Verizon found itself in the throes of a security crisis as it grappled ...
8 months ago Cysecurity.news
Former IT manager pleads guilty to attacking high school network - Conor LaHiff, a former IT manager for a New Jersey public high school, has admitted to committing a cyberattack against his former employer following the termination of his employment in June 2023. Last week, the U.S. Department of Justice announced ...
10 months ago Bleepingcomputer.com
Verizon insider data breach hits over 63,000 employees - Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. Verizon is an American telecommunications and mass media company providing cable TV, telecommunications, and ...
9 months ago Bleepingcomputer.com
Privilege elevation exploits used in over 50% of insider attacks - Elevation of privilege flaws are the most common vulnerability leveraged by corporate insiders when conducting unauthorized activities on networks, whether for malicious purposes or by downloading risky tools in a dangerous manner. A report by ...
10 months ago Bleepingcomputer.com
From IT Pro to Swiftie, Scott Sardella's Winning Big with Cisco Insider Advocates - Cisco's advocacy community, Cisco Insider, brings our customers together and provides a way for them to make powerful connections, expand their professional and personal networks, and learn from top experts in the field. The support from Cisco TAC ...
5 months ago Feedpress.me
Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
9 months ago Bleepingcomputer.com
Ex-Amazon engineer pleads guilty to hacking crypto exchanges - Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022. The two affected companies are Nirvana Finance, a decentralized crypto exchange, and an ...
10 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Data firm execs convicted for helping fraudsters target the elderly - A former senior executive and former sales manager of Epsilon Data Management LLC were convicted of selling data of millions of Americans to perpetrators of mail fraud schemes. As announced late last week by the U.S. Department of Justice, the two ...
4 months ago Bleepingcomputer.com
Former FTX executive Salame sentenced to over 7 years in prison - Another former executive of FTX has been jailed over his part in the cryptocurrency giant's implosion in late 2022. Ryan Salame, who was the co-CEO of FTX's Bahamian subsidiary, was sentenced to 90 months in prison, US federal prosecutors said. ...
5 months ago Packetstormsecurity.com
Trickbot Malware Developer Pleads Guilty - A 40-year-old Russian national, Vladimir Dunaev, pleaded guilty for developing and deploying Trickbot malware. Trickbot, a suite of malware tools, targeted hospitals and businesses, causing millions in losses. Trickbot is a sophisticated modular ...
11 months ago Gbhackers.com
Cybersecurity firm executive pleads guilty to hacking hospitals - The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center, in June 2021 to boost his company's business. Vikas Singla, who worked for Securolytics, a network ...
11 months ago Bleepingcomputer.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
1 year ago Trendmicro.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)