A few months ago, there were reports that threat groups were contacting employees of the companies they were planning to attack and asking for their support to infiltrate them in exchange for a certain share. It seems that this issue is becoming more important every day.
Most recently, the Lapsus$ group published a job advertisement saying that it is recruiting employees who work at certain companies, including Claro, Telefonica, ATT, Microsoft, Apple and similar ones.
Insider threat is already a major risk for companies because insiders are trusted people within the company and have access to various data and systems. Until now, we have mostly treated insider threats as individual initiatives. These may be employees who are unhappy, who want to achieve various personal gains, careless ones who send e-mail to the wrong destinations, or untrained ones who make mistakes on working systems. But with employees who have started working with threat groups, the insider threat takes on another dimension. Now, with the support and motivation of the threat groups, the insider becomes more dangerous, because she really knows what she is doing and is focused.
In the job advertisement, Lapsus$ also calls for people who are not employees but already have VPN access to these companies. This also shows us the importance of third-party risk and NDA agreements. Even if you take adequate precautions with your own internal users, which is not 100% possible, these third-party connections pose a great risk.
There is a lot to be done about this. As a post-incident activity, the penalties given in the cases that have come to light can act as a deterrent. But the most important thing, undoubtedly, should be to increase users' loyalty to the company.