Police are warning crooks are using cleaners to compromise businesses

Cybercriminals are planting so-called “sleepers” in cleaning companies so that they can physically access IT infrastructure and hack them.

The alert was launched by a senior police officer, cyber criminals are planting so-called “sleepers” in cleaning companies so that they can gau physical access IT infrastructure and hack them. The police are urging organizations to bolster their physical security processes. Cleaners could allow attackers to bypass physical measures and once inside the target organizations they could hack internal systems and move laterally.

“Exploitation of staff is a key area” “Organised crime groups are planting ‘sleepers’ in cleaning companies that a procurement team may look at bidding for. There’s no way of auditing their vetting. They’ll also using people in painting and decorating firms; anyone who has out-of-hours access to a building is fair game.” Shelton Newsham, who manages the Yorkshire and Humber Regional Cyber Crime Team, told an audience at the SINET security event. “Even the old ‘drop a USB stick’ is back.”

The only way to prevent this kind of physical intrusions that exploit human factor and social engineering is to implement a cultural change.

Experts stressed the importance of security awareness and the importance of regular training for internal personnel.

Pierluigi Paganini

(SecurityAffairs – physical access, cleaners)

Share this...

Facebook

Twitter

Linkedin

Reddit

Pinterest

Share On