Yandex sysadmin caught selling access to email accounts

Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had a security breach, leading to the compromise of almost 5,000 Yandex email accounts.

The company says it spotted the breach after a routine check by its security team. They found that one of their system administrators with access to customer accounts was allowing third-parties to see some of these accounts “for personal gain”. Yandex made it clear in its official press release that no payment details were compromised.

With so much attention paid to eye-catching external threats like ransomware and BEC, it’s easy to forget that one of the biggest threats organisations face isn’t trying to force its way into their network, it was invited in.

Insider threats

Current and former employees, contractors, business partners, suppliers, third-party vendors, and service providers are all potential insiders. And they don’t have to be technologically savvy to pull off an “inside job”.

In fact, some insiders aren’t even intentionally malicious. The most common cause of incidents is employee negligence, such as the misuse of access privileges or a general inattention to keeping sensitive information private and secure, can cause employers a lot of headaches. This can be further compounded by a lack of effective cybersecurity and privacy training programs or an utter absence of an intentional culture of security.

Negligent and careless employees (or what others call “accidental insider threats”), more often than not, have zero intention to hurt their organizations; malicious employees, on the other hand, knowingly act against their employers for personal gain.

According to the 2020 Cost of Insider Threats: Global Report from the Ponemon Institute, the costliest insider threat is credential theft, which averages to nearly $875,000 USD to remediate. Not only that, incidents of credential theft have tripled in the last 5 years. With a booming demand for employees who are willing to share company secrets with criminals, it wouldn’t be a stretch to expect that cases involving this would be popping up more frequently. They pay well after all.

“Employees are always a prime target for adversaries, whether it is targeting them to leverage their machine or identity or recruiting them actively on a closed source forum,” said Brandon Hoffman, chief information security officer at Netenrich, an IT service management company, in an interview with Threatpost. “There has been several cases where we have seen a disgruntled employee posting messages on the dark web aiming to make a contact where they can ‘cash out’ their leverage as an employee.”

Organizational breaches have become a mainstay in news outlets, with many of them about outside parties forcing themselves inside private networks either by force (hacking) or social engineering (phishing). With the current pandemic and everyone working remotely, spotting insider threats has become more challenging than ever. This should make businesses more vigilant and determined in curbing insider threats before it happens. For those who don’t know where to start, here’s a good place: look at the zero trust model, and see how you can adapt it within your organization.

The post Yandex sysadmin caught selling access to email accounts appeared first on Malwarebytes Labs.