 |
| Image from Unsplash |
“Dear
Patrick, I’d like to point out a super interesting high-tech opportunity to
you!” Or: “We’re impressed by your profile. How open would you be to learning
more?” Those were in my own language, but they also come in English: I’m
working on an exciting opportunity for an Information Security Team Lead role.
Would you be open to a quick chat this week to discuss further?
Headhunters
work on behalf of companies to find candidates for hard-to-fill positions. If I
ever wanted to work elsewhere, I wouldn’t even need to start looking; potential
employers reach out to me regularly. This mostly happens via LinkedIn, because
that’s where your professional profile is up for grabs.
It’s not
just companies trying to connect with professionals. Criminal organizations
also attempt to recruit new people. Not via LinkedIn, but through platforms
like Telegram – a space where criminals feel right at home.
They don’t
want you to come and work for them. In
fact, they want you to stay exactly where you are. You only need to do one
thing: give them access to your organization’s systems. They’ll handle the
rest. Besides an attractive reward, you’ll probably get a few extra days off. Because
their ultimate goal is to infect your organization with ransomware. Usually,
everything grinds to a halt, and work can’t resume for weeks. Recently, Jaguar
Land Rover’s global car production was down for three weeks. The financial
damage is estimated in the hundreds of millions. Earlier this year, a German
napkin manufacturer had to file for bankruptcy after two weeks of lost revenue.
Cybercriminals
need initial access – a digital foot in the door. Phishing is a tried-and-true
method, but now active recruitment is happening too. And it’s highly targeted.
A certain ransomware gang is currently looking for employees in finance,
insurance, and travel. Hospitality, the automotive industry, and oil companies
are also on their radar. They’ll tell you not to worry about criminal
prosecution because they take great care of their insiders; they promise to
handle your login credentials discreetly. According to them, the worst that can
happen is you’ll get fired. “Don’t listen to those clueless security people – they
have no idea what they’re talking about!”
Handling
your login credentials discreetly? Sounds nice, but that’s only half the story.
You can’t exactly work anonymously – much of what you do is logged. Logs will
show: user xyz performed this action on that date at that time. If there are
serious indicators, there are extensive ways to hunt down the suspected
culprit. And we’ll gladly use them.
It may look
like easy money, but don’t be fooled. You won’t get away with “that wasn’t me”
when your user ID is in the logs. That’s exactly why you should never share
your password with anyone – not even a colleague. Because what if that
colleague falls for a Telegram message and hands over your credentials? Such a
reckless move could cost you not only your current job but your future career.
Who wants to hire someone who got fired for that reason?
Better
listen to the advice of one of those “clueless security people” and steer clear
of such practices. If financial trouble tempts you, seek help instead.
Because
of a few days off, this blog appears earlier than usual.
No comments:
Post a Comment