Ex-Cisco Staff Member Sent to Prison for Erasing 16k Webex Accounts!

A man has been sentenced to 2 years in prison in the US after being convicted of hacking Cisco’s Webex collaboration platform in an insider-threat case brought in the US District Court in California.

Sudhish Kasaba Ramesh, 31, admitted that in 2018 he broke into Cisco’s cloud infrastructure, hosted on Amazon Web Services, about 4 months after he resigned from the company.

Then, he said in his plea agreement, he deployed code from his Google Cloud Project account, which automatically deleted 456 virtual machines that host the WebEx Teams application.

2 Weeks

As a result, 16,000 WebEx Teams accounts were shut down for up to 2 weeks, & the incident cost Cisco about $1.4m in remediation costs, including refunding $1m to affected customers, according to a court announcement.

The defendant was further sentenced to serve a 1-year period of supervised release following his time in prison. In addition to jail, the court ordered Ramesh to pay a $15k fine for ‘intentionally accessing a protected computer without authorisation’ & ‘recklessly causing damage to Cisco.’

He will begin serving the sentence on Feb. 10, 2021.

Access

It is unclear why Ramesh carried out the attack, or how he was able to access Cisco’s infrastructure after he was no longer working for the company.

Insider threats – be they disgruntled former employees, rogue employees or clueless workers who accidentally create risk – are an ongoing top danger for companies. Often, employees are groomed by outsiders. According to a 2019 study from OpenText, 25-30% of data breaches involved an external actor working with an internal person in an organisation.

Blackmail

“We used to focus on external threat actors, but now, when compromising the network, many have someone on the inside, whether it’s because they bribed them or blackmailed them,” Paul Shomo, Senior Security Architect with OpenText, suggested at the time.

The insider-threat issue has been exacerbated by the transition to remote work. In the past, insider threats from employees & others given access to the network were more easily monitored because they were inside the network perimeter, & so malicious activity could be more easily detected.

Restricting Access

“Even while employees continue to work from home, they still require access to corporate assets to do their jobs well,” commented Justin Jett, Director of Compliance & Audit at Plixer.

“Without access, some employees can’t perform their duties at all. Organisations must define long-term policies for how employees access company-owned assets, especially if they intend to allow employees to work from home indefinitely.

“Such policies should include restricting access by role, as well as other security measures like requiring employees to be connected to the corporate VPN.”
