March 04, 2016

What Happens When Hackers Compromise Insiders


This is the second in a series of posts on insider risk.

Compromised insiders are employees in your organization who have clicked on malicious links or opened malicious files and, as a result, have infected their computers with malware. Targeted spear phishing emails are often the initial method of attack. For example, a hacker prepares a PDF disguised as an applicant’s resume, loads it with malware such as a Remote Access Trojan (RAT), and then sends it to a member of your company’s HR department under the guise of a job application. When the file is opened, the RAT installs itself on the target’s PC. Alternatively, an employee might have unknowingly clicked on a malicious link while surfing the web, which then downloads and installs malware on their PC.

Once the malware is installed, hackers use your employee’s credentials to access network resources. They open recently used files from the computer’s Start menu and identify mapped network drives in File Explorer, which become their starting point for discovering your network and servers.

Ideally for the attacker, the targets are unaware they’ve been infected. Advanced persistent threats (APTs), for example, can result in hackers lurking undetected in your network for long periods of time. Once they gain access, they begin to collect information about your company’s network infrastructure and users. They attempt to identify the location of valuable data, including databases, file servers, code repositories, cloud apps and additional resources, with the goal of stealing data. Hackers may operate undetected for years, waiting for the right moment, and the damage they do can be significant.

In our next post, we’ll examine malicious insiders.
