Cybercriminals are planting so-called “sleepers” in cleaning companies so that they can gain physical access to IT infrastructure and hack it.
The alert was raised by a senior police officer. The police are urging organizations to bolster their physical security processes. Cleaners could allow attackers to bypass physical measures, and once inside the target organizations they could hack internal systems and move laterally.
“Exploitation of staff is a key area. Organised crime groups are planting ‘sleepers’ in cleaning companies that a procurement team may look at bidding for. There’s no way of auditing their vetting. They’re also using people in painting and decorating firms; anyone who has out-of-hours access to a building is fair game,” Shelton Newsham, who manages the Yorkshire and Humber Regional Cyber Crime Team, told an audience at the SINET security event. “Even the old ‘drop a USB stick’ is back.”
“There are small steps businesses can make: we’re changing our visitor passes: until three weeks ago they were red, like our brand. Now they’re black and we encourage staff to be more suspicious of who’s walking around,” Santander’s UK CISO/Director of Security & Privacy Services, Emma Leith, told Computer Business Review. “Regular red teaming and purple teaming; capture the flag exercises [all help], biometrics too, although there’s no point having cutting edge systems running on an old Windows server.”
The only way to prevent this kind of physical intrusion, which exploits the human factor and social engineering, is to implement a cultural change.
Emma Leith stressed the importance of security awareness and the importance of regular training for internal personnel.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".