Many executives focus their security efforts and budgets solely on physical cyber threats, but attacks targeting an executive’s digital presence can be just as dangerous.
Criminals are looking to exploit the wealth of high-profile and high net-worth individuals—or cause them embarrassment or personal harm—at an unprecedented rate. And, as the most abundant source of company secrets and IP, these individuals are a primary attack vector into their businesses too.
Attacks on VIPs involve attempts at accessing their sensitive information and span both the real world and the web. Because of their digital and physical vulnerabilities, protecting them requires a 360-degree view of their attack surface, i.e., anything related to their physical or digital presence that can be used against them. But to defend an executive’s attack surface, you first have to define it.
Today, developing a plan to protect an executive, and in turn, their families and businesses, means understanding what information should be considered sensitive and having the tools to monitor the internet for it. References to names and addresses of the individual and their family and associates on forums, malicious rhetoric toward them, and the presence of leaked sensitive data are all crucial intelligence. This internet-wide visibility provides security teams with invaluable information and context not only about potential cyberattacks, but also attacks that may occur in the real world.
The top historic executive threats demonstrate how seemingly insignificant information has enabled completely preventable incidents. These top-five examples of threats to executives illustrate the overlap between the physical and the digital threat landscapes.
Robbing banks is a dangerous and challenging business. However, it becomes a lot easier if a would-be thief can get bank employees to do the robbing for them. This was the technique used by Michael Benanti.
Benanti kidnapped the families of employees at his target banks after performing extensive reconnaissance. Using the victims as leverage, Benanti and his co-conspirators forced the bank employees to perform the robberies for them. Of four attempts, one robbery was successful before the criminals were arrested.
This series of thefts demonstrates the potential danger of leaked personal data. The criminals were able to determine the home addresses of all of their targets, enabling them to kidnap the employees’ families and use them as leverage to convince employees to commit their crimes.
While a home address can be found for almost anyone on the Internet, executives’ digital exposure is much greater. Press releases and other public exposures can reveal patterns of life for executives that can be used for a variety of different purposes. To be effective, a security team needs to be capable of interpreting the same data used by criminals and identifying vulnerabilities that an attacker is most likely to exploit. These vulnerabilities include information about a spouse, children’s names, and the location of their school sporting events, all of which are readily available online. These details may seem harmless, but they are a valuable source of information for anyone posing a threat.
The use of kidnapping to achieve criminal gains is not limited to Benanti. In 2017, Pavel Lerner, the CEO of a UK Bitcoin exchange, was kidnapped while traveling in Ukraine. The CEO was abducted by six armed individuals wearing balaclavas to conceal their identity. He was only released after the payment of a $1 million ransom in Bitcoin.
The details of this attack demonstrate the amount of data leaked about Lerner’s affairs. He was kidnapped while traveling by individuals who were well-prepared to do so, as evidenced by the use of balaclavas, firearms, and a vehicle with stolen plates. This level of preparation indicates that the attack was planned and demonstrates the potential impacts of data leaks regarding an executive’s travel plans.
Arguably, the most famous example of executive embarrassment occurred in 1998. During a business trip to Brussels, Bill Gates was hit in the face with a cream pie while entering a meeting.
While the impact of this incident was minimal, it could have been much worse. Anyone getting close enough to an executive to hit them with a pie could cause much more damage with equal or less trouble.
This incident was also entirely preventable. The pie was thrown by a known internet prankster who made a habit of filming such events and then trying to sell the footage. There was likely some indication on the internet that he intended to target Gates. A comprehensive search by security staff may have discovered this and been able to prevent the incident from occurring.
According to the BBC, Mohammed Dewji, Tanzania’s only billionaire, was kidnapped by armed men outside of a hotel gym while headed to complete his morning workout routine. After ten days, Dewji was returned safely, but not before his family offered a $440,000 reward for information leading to his rescue. The police arrested three people for the incident.
The fact that Dewji’s kidnappers knew precisely where he was staying, had familiarized themselves with his routine, and could anticipate where he’d be at a particular time shows they were actively monitoring him. Information about his schedule may have been available online, as well as discourse amongst Dewji’s attackers and those aiding his attackers regarding his whereabouts. Information like this is crucial for security teams defending high-profile executives to detect, monitor, and, if possible, remove.
Bill Gates isn’t the only one to get a pie to the face during a public engagement. During a speech in Perth in 2017, Qantas chief Alan Joyce was also hit with a pie to the face. His attacker walked up to the stage and interrupted the speech that Joyce was giving at a business breakfast. Joyce took a brief break to clean up and then returned to the stage.
Like the attack against Bill Gates, this attack was likely entirely preventable. The attacker was detained by security after the attack, implying that they were on-site and that the attacker passed them and entered an important meeting while carrying a pie. Like the Gates pie event, indications of this attack may also have been present on social media or the wider internet, making it possible to predict and prevent the incident.
Digital security and physical security are not mutually exclusive. In fact, they are intrinsic to one another. These attacks against top executives were enabled by a combination of failures in both digital and physical security. Online discourse and data leaks enabled the attackers to know where and when to stage their attacks, and physical security failures allowed them to happen.
If you want to prevent harm to executives, you need a security program that bridges the digital and physical worlds. It’s critical to have a team and intelligence capable of finding leaked personal data, tracking what potential attackers can discover, and minimizing the likelihood of this information falling into the wrong hands.
Read up on how RiskIQ Executive Guardian® can defend your organization’s C-suite here.