Ransomware-as-a-service operations are increasingly seeking to forge connections with employees, contractors and trusted partners of their target organisations as an alternative to straight-up hacking, says NCC.

  • mrnobody@reddthat.com
    3 days ago

    I mean, the way the tech salaries have been dropping the last few years, can you blame the people giving in to the bribes?

  • calliope@retrolemmy.com
    3 days ago

    I think it’s kind of funny that by “form relationships” they mean “find someone who can be bribed.” Bribery is ancient, it’s honestly crazy if they haven’t already been doing this.

    He cited a well-reported incident in which the Medusa ransomware gang unwisely targeted the BBC by approaching its cyber security correspondent, Joe Tidy. The gang messaged Tidy on the encrypted Signal application to offer him 15% of a future ransomware payment if he gave them access to his PC. When this was rebuffed, Medusa’s recruiter upped the offer to a quarter of 1% of the BBC’s revenues, and promised Tidy he would never have to work again.

    The other example in the article is the same thing.

    all three [“victims”] worked in the cyber security field, specialising in incident response and ransomware negotiations. The Department of Justice (DoJ) said that one of the men became involved in the scheme because he was in debt.

    This is definitely not new! I worked at a place ten years ago where someone was arrested while at work for selling proprietary server code.