A 28-year-old IT Security Analyst pleaded guilty and will consequently be convicted of blackmail and unauthorized access to a computer with intent to commit other offences.

It all started when the UK gene and cell therapy company Oxford BioMedica fell victim to a cybersecurity incident which involved unauthorized access to part of the company’s computer systems on 27 February, 2018. The intruder notified senior staff members at the company and demanded a ransom. As an IT Security Analyst at the company, Ashley Liles was tasked with investigating the incident. He worked alongside colleagues and the police in an attempt to mitigate the incident. But at some point he must have decided to use the circumstances to enrich himself.

According to the South East Regional Organised Crime Unit (SEROCU), Liles commenced a separate and secondary attack against the company. As part of his plan he changed the Bitcoin payment address of the attacker to his own in emails to the board members. And he set up an email address very similar to that of the attacker. From that email address he began emailing his employer to pressurize the company to pay the ransom.

Unfortunately for Liles, a payment was never made and the unauthorized access to the private emails was noticed during the investigation. Due to some poor choices when it came to his own security, the police arrested Liles and searched his home. The unauthorized access to the emails could be traced back to his home address, which gave the police sufficient grounds to seize a computer, laptop, phone, and a USB stick. Despite his attempts to wipe the data from his devices, the police were able to recover enough data to act as evidence to prove his crimes and establish his direct involvement.

Liles denied any involvement for five years. But on during a hearing at Reading Crown Court, he changed his plea to guilty. The case has now been adjourned for sentencing at the same court on July 11, 2023.

While this definitely qualifies as an insider threat, this one seems to have been opportunistic rather than premeditated. The term is often associated with disgruntled employees, but they can also be coerced, or jump on an opportunity that presents itself, as Liles did.

The case emphasizes the need for effective access control policies, even when an emergency presents itself. You do not want to make the scope of the incident worse by giving up your access policies in light of an investigation. Access to resources should always be limited to what is needed to get the job done. And incidental access should be revoked when the need is no longer there.

We’re not saying that every employee should be treated as a suspect or potential insider threat. That will result in an unworkable situation. But you should have measures in place to limit the damage and find any culprit.

Create a plan for patching vulnerabilities in internet-facing systems quickly and disable or harden remote access like RDP and VPNs. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files. Keep backups offsite and offline, beyond the reach of attackers.