BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Gangs Infiltrating Companies As Insiders To Steal Idenities

Post by Peter McCalister January 13, 2012

It was only a matter of time before organized gangs would discover how easy it is for an insider to gain access to sensitive data and realize that if you can’t beat them, join them.

A recent blog titled “NY ID Theft Ring Used Insiders, Gang Members” published by Brian Krebs highlights that “Authorities in Manhattan today unsealed indictments against 55 people suspected of operating an identity theft and financial fraud ring, including a number of insiders at banks and companies throughout New York who allegedly helped to steal more than $2 million from hundreds of customers and clients.”

“These insiders used their positions to gain access to client data, and then sold that data to make money for themselves and their accomplices,” District Attorney Vance said in a written statement. “We will continue to work with our partners to build significant cases to disrupt identity theft and dismantle these criminal organizations.”

We have blogged extensively on the level of control an employee with full administrative credentials on both desktop as well as server computers can wield when they decide to misuse privilege for the purposes of data theft or damage. Extending this level of control to virtualized and cloud environments only makes the management more elusive and difficult to remediate when tragedy does strike.

Implementing a least privilege solution is the only way to truly mitigate insider threats whether intentional (and/or organized crime/gang related), accidental or indirect.

Leave a Reply

Additional articles

BI-5.1-user-asset-visibility-img

Understanding Who Has Access to What with BeyondInsight v5.1

Today, it’s my pleasure to introduce you to BeyondInsight version 5.1, the latest release of our IT Risk Management platform, which unifies several of our solutions for Privileged Account Management and Vulnerability Management. BeyondInsight v5.1 embodies BeyondTrust’s mission to give our customers the visibility they need to make smart decisions and reduce risk to their…

Post by Morey Haber April 15, 2014
Tags:
, , , , , , , , , , , ,

PowerBroker for Unix & Linux Now Available via Web Services

This week BeyondTrust released a fully functional Web Services interface (REST API) for its PowerBroker for Unix & Linux product.  With this new feature users of the solution will now be able to remotely and securely configure and retrieve data via the API.  The Web Services interface implemented by BeyondTrust is an industry standard that…

Post by Paul Harper April 10, 2014
Tags:
, , , , ,

Heartbleed – When OpenSSL Breaks Your Heart

You’ve likely heard about the recent OpenSSL vulnerability, CVE-2014-0160, dubbed Heartbleed. The main takeaway of this vulnerability is that attackers can use this to obtain things like secret keys used for X.509 certificates, user names and passwords, instant messages, emails, and other highly sensitive information. For a technical analysis of the bug, check out this…

Post by BeyondTrust Research Team April 8, 2014
Tags:
, , ,