Recognizing internal threats

Corporate data leaks are among the most dangerous threats to IT security today, a conclusion supported by industry development trends, company survey results, market analyses and related studies.

Internal threats include any harmful actions involving data that violate at least one of the fundamental principles of information security (confidentiality, integrity and availability) and originate from within a company’s information system.

While there are many different kinds of internal threats, the most common are:

  • any violation of internal network security rules and procedures that could lead to data theft
  • unauthorized searching for, viewing, modification or destruction of confidential data
  • brute-force password attacks and the installation by users of Trojans, rootkits and other malicious programs on the network
  • targeted data theft using removable storage media (external HDDs, USB flash drives, memory cards, CDs/DVDs) to copy data and carry it off the premises
  • theft of devices containing confidential data: laptops, hard drives, handheld computers, etc.
  • theft of corporate databases in whole or in part
  • unauthorized installation of Wi-Fi access points in order to extract confidential data
  • printing important documents in order to remove hard copies from company premises.

These are just a few of the many different kinds of internal threats…
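Several of the threats listed above leave traces in ordinary audit logs: repeated failed logins, a removable device being mounted shortly before a large copy, confidential files being read or printed outside business hours. The following rule-based detector is an added example written for this page, not code from the original article or from any product it mentions. It assumes a constructed key=value log format, hard-coded confidential path prefixes and fixed thresholds; all of these are assumptions, and the sample log lines are constructed, not real data.

```python
"""Rule-based detection of insider-threat indicators in audit logs.

Assumed (not from the original article): key=value log format, confidential
path prefixes, and the thresholds below. Sample log lines are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, time

CONFIDENTIAL_PREFIXES = ("/srv/finance/", "/srv/hr/")  # assumed layout
FAIL_THRESHOLD, FAIL_WINDOW_S = 5, 60                   # assumed brute-force rule
BUSINESS_HOURS = (time(8, 0), time(19, 0))              # assumed working hours
BULK_PRINT_PAGES = 50                                   # assumed print threshold

# Constructed sample log, NOT real data.
SAMPLE_LOG = """\
2017-11-03T09:02:11 host=ws17 user=jdoe event=login_fail
2017-11-03T09:02:13 host=ws17 user=jdoe event=login_fail
2017-11-03T09:02:15 host=ws17 user=jdoe event=login_fail
2017-11-03T09:02:17 host=ws17 user=jdoe event=login_fail
2017-11-03T09:02:19 host=ws17 user=jdoe event=login_fail
2017-11-03T09:02:21 host=ws17 user=jdoe event=login_fail
2017-11-03T09:05:00 host=ws17 user=jdoe event=login_ok
2017-11-03T09:10:42 host=ws17 user=jdoe event=usb_mount mountpoint=/media/usb0
2017-11-03T09:11:03 host=ws17 user=jdoe event=file_copy src=/srv/finance/clients.xlsx dst=/media/usb0/clients.xlsx bytes=48213000
2017-11-03T22:40:10 host=ws04 user=asmith event=file_read path=/srv/hr/salaries.xlsx
2017-11-03T22:41:30 host=ws04 user=asmith event=print path=/srv/hr/salaries.xlsx pages=120
2017-11-03T10:15:00 host=ws09 user=bwong event=file_read path=/srv/public/handbook.pdf
"""


def parse_line(line):
    """Turn 'TIMESTAMP k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    event = {k: v for k, v in (f.split("=", 1) for f in fields)}
    event["ts"] = datetime.fromisoformat(ts)
    return event


def is_confidential(path):
    return path is not None and path.startswith(CONFIDENTIAL_PREFIXES)


def detect(log_text):
    """Return a list of (rule, user, timestamp) alerts for the given log text."""
    alerts = []
    fails = defaultdict(deque)   # (host, user) -> timestamps of recent failures
    mounts = defaultdict(set)    # host -> removable mount points seen so far
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        kind, key = ev["event"], (ev["host"], ev["user"])

        if kind == "login_fail":
            # Sliding window: alert exactly once when the threshold is reached.
            window = fails[key]
            window.append(ev["ts"])
            while (ev["ts"] - window[0]).total_seconds() > FAIL_WINDOW_S:
                window.popleft()
            if len(window) == FAIL_THRESHOLD:
                alerts.append(("brute_force", ev["user"], ev["ts"]))

        elif kind == "usb_mount":
            mounts[ev["host"]].add(ev["mountpoint"])

        elif kind == "file_copy":
            # Confidential source copied onto a mount point seen earlier on this host.
            to_removable = any(ev["dst"].startswith(m) for m in mounts[ev["host"]])
            if to_removable and is_confidential(ev.get("src")):
                alerts.append(("removable_media_exfil", ev["user"], ev["ts"]))

        elif kind in ("file_read", "print") and is_confidential(ev.get("path")):
            t = ev["ts"].time()
            if not (BUSINESS_HOURS[0] <= t < BUSINESS_HOURS[1]):
                alerts.append(("off_hours_confidential_access", ev["user"], ev["ts"]))
            if kind == "print" and int(ev.get("pages", 0)) >= BULK_PRINT_PAGES:
                alerts.append(("bulk_confidential_print", ev["user"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for rule, user, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {rule:<32} {user}")
```

Run against the constructed sample, the detector raises one brute-force alert (on the fifth failure, not on every subsequent one), one removable-media alert for the finance spreadsheet copied to the USB mount, two off-hours alerts for the HR file, and one bulk-print alert; the public handbook read triggers nothing. In a real deployment the confidential prefixes would come from a data-classification inventory rather than a hard-coded tuple, and the brute-force window would be keyed on the source of the attempts, not only on the account.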

Confidential data breaches are directly connected to business operations risks, since a company can suffer major damage as the result of a data leak:

  • clients may be lost if the client base is leaked
  • technologies may be lost if technological secrets are leaked
  • founders and investors will be displeased if financial information is leaked
  • licenses could be lost if confidential data is not protected in compliance with federal requirements.

Even worse, a company’s business reputation will be tarnished, which could mean suspending operations – or even closing down completely.


Leaking ads

We found that, because of third-party SDKs, many popular apps are exposing user data to the internet, with advertising SDKs usually to blame. They collect user data so they can show relevant ads, but often fail to protect that data when sending it to their servers.


Kaspersky Security Bulletin: Threat Predictions for 2018

Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new event is an exciting new research avenue for us, as what were once theoretical problems find palpable expression in reality. On the other hand, as people with a heightened concern for the security posture of users at large, each event is a bigger catastrophe.


A Modern Hypervisor as a Basis for a Sandbox

In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment (or vice versa), to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab we have several sandboxes; here we will look at just one of them, which was customized to serve the needs of a specific product and became the basis of Kaspersky Anti Targeted Attack Platform.


Satoshi Bomb

Let us discuss what defines the profitability of bitcoin mining, what principles for mining speed adaptation were initially embedded into it, and why these principles can lead to the failure of the cryptocurrency in the long run.


Neutralization reaction

Corporate information security services often turn out to be unprepared: their employees underestimate the speed, stealth and efficiency of modern cyberattacks and do not recognize how ineffective the old approaches to security are. And without a clear understanding of what sort of incident it is, an attack cannot be repelled. We hope that our recommendations about identifying incidents and responding to them will help information security specialists create a solid foundation for reliable multi-level business protection.


ShadowPad in corporate networks

In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The source of the queries was a software package produced by NetSarang. Our analysis showed that recent versions of the software had been surreptitiously modified to include an encrypted payload that could be remotely activated by a knowledgeable attacker.