Nearly every single day we get calls from customers in our “Jigsaw Threat Mitigation Model” program that complain of insider threat activity or theft of their intellectual property. Our technical surveillance countermeasures team finds eavesdropping devices pretty frequently and not just from divorcing spouses, we’re talking everything from highly sophisticated burst transmitter to sound and electronic pickoff devices. The number of attacks being observed is increasing and companies are falling victim.
Stay award and ensure you check your private areas often. We fully expect to see more and more of these types of physical eavesdropping incidents especially while many buildings have been vacated and employees are working remotely.
A Jigsaw TSCM flyaway kit with a pair of Kaiser 1059 pre-amps
Universities being targeted
Chinese threat actors are targeting North Carolina universities with the aim of lifting highly sensitive research since the COVID-19 outbreak, Russian threat actors are lifting large amounts of highly technical data with the aim of being able to track US interest all the while many companies are ill prepared to defend against these targeted attacks.
More and more security budgets are being expended on cyber security protection even though 38%* of all successful attacks begin with eavesdropping or targeted attacks on third party systems used by corporate America. Companies are missing key indicators of direct targeting of their employees including job postings attributed to known threat actors that make offers that are too good to be true to talk to employees about jobs that don’t exist. Over the last few months since the coronavirus outbreak, a rise in targeting has been observed in which “recruiters” pretending to interview candidates push for information during mock interviews to glean details on sensitive projects underway at companies. In many cases these fake recruiters are asking for large amounts of information.
Recruiters not what they seem - fraud with SF-86 component
In one case this past week a “recruiter” requested a paper SF-86 from one unsuspecting researcher at an American researcher to try and get information on friends and family, the Government does this by electronic means in most cases and the site where the SF-86 document was supposed to be uploaded was branded to make the site look like a legitimate DoD website. Some research and digging on AWS showed that as many as 60+ applicants had already fallen for the scam based on incremental tracking codes used on the fake site. A review of a system in which the submissions were uploaded resulted in highly sophisticated malware being installed on the end users system due to a recently discovered JavaScript attack farther giving the fake recruiters access to the victims computer and networked systems. The unsuspecting targeted individuals were also targeted on their mobile devices.
Always request am invitations and verify you are entering your information electronically in the e-QIP system. Do not ever send a completed SF-86 form to anyone other than a trusted Government representative and only then in person. By taking advantage of this appearance of legitimacy, the unknown threat actors are obtaining some of the most sensitive information about the applicant. More and more of these incidents are being seen and additional information is available by RFI.