The Myth of the Insider Threat Too often after the announcement of a new breach, the first reaction from the victim company and the media is "another malicious insider attack". Case in point, I was catching up on news from various sources and came across the following: http://www.idgconnect.com/abstract/19647/lessons-sage-leak " “We believe there has been some unauthorised access using an internal login to the data of a small number of our UK customers so we are working closely with the authorities to investigate the situation,” the Newcastle, England-headquartered firm said in a statement." Of course an internal login was used to access the data, as part of the attack lifecycle, during your reconnaissance phase you identify accounts to target for possible compromise, based on the access/role of the individual. Phishing attacks or other simply attacks are often successful in gathering login credentials for individual users, which can then of
Ideas, tips, tricks, and theory on Information Security, risk management, forensics, and e-discovery.