Twitter & Trend Micro Fall Victim to Malicious Insiders

  /     /     /  
Publicated : 23/11/2024   Category : security


Twitter & Trend Micro Fall Victim to Malicious Insiders


The companies are the latest on a long and growing list of organizations that have fallen victim to users with legitimate access to enterprise systems and data.



Two separate incidents reported this week have once again highlighted how insiders with legitimate access to systems and data can be far more dangerous to enterprise security than external attackers.
On Thursday, the US Department of Justice announced indictments against two former Twitter employees for allegedly accessing private information tied to Twitter accounts belonging to several individuals of interest to the government in Saudi Arabia. A third individual based in Saudi Arabia was also indicted on related charges.
US national Ahmad Abouammo (age 41) of Seattle and Aliz Alzabarah (35) of Saudi Arabia are accused of using their Twitter employee credentials to collect information that helped Saudi officials identify individuals critical of the regime in the country. They are alleged to have provided the information — which included email addresses, phone numbers, IP addresses, and dates of birth — to officials working on behalf of the Saudi government and the Saudi royal family.
The charging documents described Abouammo as a former media partner manager at Twitter responsible for the Middle East and North Africa region.
In that role, he was involved in assisting notable Twitter accounts in the region — including those belonging to brands, journalists, and celebrities — with content and Twitter strategy as well as sharing best practices. Alzabarah was a site reliability engineer, with no authorized access to the Twitter account data. Even so, he is alleged to have accessed nonpublic data associated with more than 6,000 accounts, including 33 accounts for which Saudi officials had previously pressed Twitter for more information.
Abouammo allegedly received a luxury watch valued at more than $20,000 and hundreds of thousands of dollars in cash in return for the information. He was
arrested
in Seattle on November 5 and made his first court appearance today.
Alzabarah fled the country for Saudi Arabia after Twitter officials confronted him about his illegal activities. A federal warrant has been issued for his arrest and also that of a third individual, Ahmed Almutairi, 30, a Saudi-based individual who is alleged to have facilitated meetings between Saudi officials and the two former Twitter employees.
In a statement, a Twitter spokesman said the company is committed to protecting the privacy of individuals who use its platform to advocate for human rights, equality, and individual freedom. We recognize the lengths bad actors will go to try and undermine our service, the spokesman said. Our company limits access to sensitive account information to a limited group of trained and vetted employees.
Meanwhile, in a separate development, cybersecurity vendor Trend Micro on Wednesday said one of its employees had illegitimately accessed personal data belonging to about 68,000 of the companys 12 million customers.
According
to the security vendor, one of its employees used fraudulent means to access a customer support database containing names, email addresses, support ticket numbers, and, in some cases, the phone numbers of customers. He is alleged to have sold that information to a third-party malicious actor who then used it to attempt to scam Trend Micro customers. 
Trend Micro was alerted to the data theft in August after some customers of its consumer security products reported receiving scam calls for people purporting to be the security vendors support personnel. It wasnt until October, however, that the company was able to identify the source of the leak. The employee has been terminated.
A Long-Standing Problem
Trend Micro and Twitter are the latest in a long and constantly growing list of victims of insider abuse — a problem that many security experts say poses at least as big a risk to enterprise security as external attacks. Twenty percent of the security incidents that Verizons breach response group handled in 2018, and 15% of the actual breaches it
investigated
, involved insiders. Nearly half of those incidents (47.8%) were motivated by financial gain and a surprisingly high 23.4% by people seeking pure fun.
Insider threats present a special challenge because most security is focused at protecting incoming traffic, says Warren Poschman, senior solutions architect at comforte AG. Internal, properly authorized users are expected to be able to access data because it is part of their job functions.
The premise of you cant deny what is granted applies in that if an insider has legitimate access, then it is difficult to determine if a behavior is allowable, Poschman says. True intent can be hard to determine until after damage is done because legitimate user behavior can often be erratic, he adds.
Several tools are available to address insider threats, including user behavior analytics and risk-based authentication products. Data-centric measures such as tokenization and format-preserving encryption can also help by limiting access to sensitive data for all users regardless of the permissions they have, Poschman says.
Terry Ray, senior vice president at Imperva, says trying to proactively restrict all employees to just the data they need can be complex and even next to impossible for enterprise security organizations. Even a zero-trust approach — where every access request to a network or app is vetted for trustworthiness — has limitations when it comes to malicious insiders, he says. The only aspect of zero trust that might have benefited Trend Micro would be least privileged access — the idea that each individual should only have access to what they need for their role, he says.
To be effective, insider controls have to be based on a continuous monitoring of all user access to protected data. To spot unusual behavior, organizations need to be constantly analyzing who accesses data, what they access, how they access it, from where, and whether they should they have access to it.
Monitoring user activity on corporate data is not only fully accepted, its assumed by employees, Ray says.
Few, though, implement full data monitoring, and when they do, typically only the regulated data is monitored. The reality is that unregulated data is becoming more relevant at companies as well. Unregulated data may still be highly monetized by attackers and can have negative impact on organizations, Ray notes, regardless of a lack of regulatory fines.
Related Content:
How Do I Monitor for Malicious Insiders?
Ignore the Insider Threat at Your Peril
Insider Threats: An M&A Dealmakers Nightmare
8 Microsegmentation Pitfalls to Avoid
Check out 
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
What a Security Products Blacklist Means for End Users and Integrators
.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Twitter & Trend Micro Fall Victim to Malicious Insiders