Nearly every single day we get calls from customers in our “Jigsaw Threat Mitigation Model” program that complain of insider threat activity or theft of their intellectual property. Our technical surveillance countermeasures team finds eavesdropping devices pretty frequently and not just from divorcing spouses, we’re talking everything from highly sophisticated burst transmitter to sound and electronic pickoff devices. The number of attacks being observed is increasing and companies are falling victim.
Stay award and ensure you check your private areas often. We fully expect to see more and more of these types of physical eavesdropping incidents especially while many buildings have been vacated and employees are working remotely.
A Jigsaw TSCM flyaway kit with a pair of Kaiser 1059 pre-amps
Universities being targeted
Chinese threat actors are targeting North Carolina universities with the aim of lifting highly sensitive research since the COVID-19 outbreak, Russian threat actors are lifting large amounts of highly technical data with the aim of being able to track US interest all the while many companies are ill prepared to defend against these targeted attacks.
More and more security budgets are being expended on cyber security protection even though 38%* of all successful attacks begin with eavesdropping or targeted attacks on third party systems used by corporate America. Companies are missing key indicators of direct targeting of their employees including job postings attributed to known threat actors that make offers that are too good to be true to talk to employees about jobs that don’t exist. Over the last few months since the coronavirus outbreak, a rise in targeting has been observed in which “recruiters” pretending to interview candidates push for information during mock interviews to glean details on sensitive projects underway at companies. In many cases these fake recruiters are asking for large amounts of information.
Recruiters not what they seem - fraud with SF-86 component
Always request am invitations and verify you are entering your information electronically in the e-QIP system. Do not ever send a completed SF-86 form to anyone other than a trusted Government representative and only then in person. By taking advantage of this appearance of legitimacy, the unknown threat actors are obtaining some of the most sensitive information about the applicant. More and more of these incidents are being seen and additional information is available by RFI.