When Cybersecurity Professionals Become the Criminals
Three US former employees of cybersecurity incident response companies have been indicted for allegedly conducting the very ransomware attacks they were supposedly hired to prevent.
The men are accused of deploying the Black Cat ransomware against multiple US companies in the medical and manufacturing industries. Black Cat operated a Ransomware-as-a-Service model in which freelance affiliates do the hacking in exchange for a share of the profit. Black Cat shut down its activities after international law enforcement seized its infrastructure. It was this operation that also gave the FBI the leads that led to the arrest of the three US suspects.
The defendants include Kevin Tyler Martin, 28, a ransomware negotiator at the cyber incident company Digital Mint, and Ryan Clifford Goldberg, 33, an Incident Response Manager at the cybersecurity company Sygnia.
The incident response company Digital Mint had previously been reported for questionable ethics in ransomware negotiations, including accepting kickbacks from ransomware groups during negotiations.
Assessment
The ethics of professional ransomware negotiation companies have always been highly questionable. Ultimately, the business model revolves around making deals with criminals. This is not the first time ransomware negotiators such as Digital Mint have been accused of accepting kickbacks in exchange for facilitating smoother negotiations that ultimately result in the criminals getting paid.
This is another reason why Truesec never recommends paying a ransom, even if victims sometimes see no other way out, and never gets involved in such negotiations. Companies involved in ransomware negotiations need to establish relationships with ransomware criminals, and those relationships expose their staff to many temptations, as the criminals will use the relationship to gain influence over them.
One of the men later admitted that he got involved in the scheme to get out of personal debt. Personal debts spiraling out of control are one of the most common ways people become vulnerable to corruption. Truesec takes the security vetting of all our employees very seriously. We have ongoing security vetting programs for all our personnel and hold all our employees to the highest professional and ethical standards.
It is also important to note that many insider problems are identified through non-technical means, when managers or colleagues raise the alarm. Insider prevention is a company-wide task – not only the responsibility of those in charge of cyber security. Truesec can also support customers with insider prevention programs.
The post When Cybersecurity Professionals Become the Criminals appeared first on Truesec.