Mining on a corporate scale
Friday, May 11, 2018
The excuse “our company doesn’t need an anti-virus because we have a competent system administrator” has virtually become a meme among IT professionals.
At small and medium-sized companies, the system administrator is often viewed as omnipotent—God and king. The administrator can install any software (effectively, at their own discretion), change network access settings, and create Internet usage rules. And because they hold all the passwords, administrators can access any confidential information.
System administrators don’t always part ways with their employers on good terms, and they often retain the ability to access the corporate network after they’re gone.
A man born in 1981 was previously employed as a system administrator. During his last days working for one company, he deployed a dormant procedure that deleted all the company's customer data a month after he was dismissed from his job.
In a series of layoffs, four system administrators were fired, and Yung-Hsun Lin was afraid that he would meet the same fate.
If the logic bomb had gone off, the information on 70 servers would have been deleted. The data included a patient-specific drug-interaction database.
In Nizhny Novgorod, a system administrator who had been dismissed from a branch office of a large chewing gum manufacturer exacted revenge on his former employer by making it impossible for his ex-colleagues to perform their jobs for a month.
Prior to that he’d been asked to take voluntary redundancy due to his habit of drinking alcohol at work.
The 32-year-old man did what was requested but also managed to wipe all the payroll and billing information from the company's servers.
The company's own investigation revealed that information on its corporate PCs was being accessed without proper authorisation during the period between autumn 2012 and summer 2013. The data contained confidential information regarding management decisions, transactions, company liabilities, and upcoming negotiations with business partners. As a result, the company *** suffered losses;
There are a lot of stories like that.
As a rule, technicians enjoy high levels of trust. But unfortunately they can sometimes abuse that trust.
Nine out of ten sabotage incidents are committed by people who are involved in some way with the IT industry.
Tech-savvy people are responsible for 86% of the incidents. Among them, 38% are system administrators, 21% are programmers, 14% are engineers, and 14% are IT professionals.
As for saboteurs who don't work in technical departments, 10% of them are editors, sales specialists, auditors, etc., and 3% are in the service sector, specifically people who interact with clients.
Up until now, most sabotage incidents have involved destructive activities such as deleting data post-dismissal. Companies can prepare for such incidents in advance: before quitting their jobs, potential "saboteurs" usually behave inappropriately and express their dissatisfaction.
But mining applications have changed everything.
- Corporate servers always have some extra power that normally remains unused.
- And only system administrators can access them. Trespassers are not allowed.
- As a rule, those servers lack anti-virus protection.
And people who are actually quite satisfied with their work and blend in with loyal employees are engaging in mining. They just want to make some extra money at their employers' expense.
On average, we’ve discovered incidents involving IT personnel installing mining software on corporate servers at one out of three companies.
The latter half of 2017 witnessed a substantial increase in the number of incidents involving system administrators (from 25.6% to 31.3%). We can assume that the figures may indicate a lack of employee supervision (or that the employees are sufficiently skilled so as to be able to circumvent security mechanisms).
The Anti-virus Times recommends
Sometimes legislation can't keep up with the progress being made in the hi-tech world. That's why companies should not rely on divine intervention but be masters of their own destinies. Every company needs regulations that define its employees' responsibility for the unauthorised use of software, and a list of the programs that employees are allowed to install on company computers. And, of course, anti-viruses need to be installed on servers too. The software should be configured to prevent employees from deploying malware in the corporate IT infrastructure.