I read a story in Naked Security recently that reported the arrest of a couple of Italian cyber-criminals who have been stealing personal information from Italian mayors, prime ministers, cardinals, and other notables since 2010. They used a phishing exploit to install a Trojan Horse/keylogger called EyePyramid. There were a couple of things that caught my eye.
The first is the sheer volume of data stolen – 87 gigabytes! This information was used by the perpetrators to make stock trades on insider information.
The second thing that stuck out to me is that the data was all stored on servers in the US, specifically Salt Lake City, Utah, and Prior Lake, Minnesota. The irony for me is I used to work for the company (Integra Telecom) with the servers in Prior Lake, so the local hook is compelling for me.
The story itself is interesting in that it illustrates a point I make in my training and speaking engagements. All data has value, even the stuff you think no one would be interested in. It also shows how effective a clever spearphishing campaign can be. It also backs up another belief of mine. People at the top, in positions of power and authority, are the WORST when it comes to computer knowledge and even a fundamental understanding of cybersecurity. And it makes them easy targets to exploit.
So if that describes you, maybe you should show up the next time your HR or IT department brings in a cybersecurity trainer for your employees. Hey – leading by example, isn’t that supposed to be a thing?