- A BBC journalist was targeted by hackers offering a share of ransom profits
- The gang tried to establish credibility with links to darknet addresses and forums
- MFA bombing turned the online exchange into an invasive and unnerving confrontation
The concept of the insider threat in cybersecurity is often discussed in abstract terms: a theoretical vulnerability that organizations know exists but rarely encounter directly.
But this abstract risk became a tangible reality for BBC cyber correspondent Joe Tidy when he was unexpectedly approached by a person calling himself Syn, who claimed to represent the Medusa ransomware group.
The unsolicited contact, initiated via the encrypted messaging app Signal, presented a simple but criminal proposal: Tidy would provide access to the BBC's internal systems in exchange for a percentage of the future ransom payment.
The proposal and the lure of profitable successes
After consulting with senior editorial figures, Tidy engaged with the person to understand the mechanics of the proposal.
Syn outlined a process in which the journalist would hand over his login credentials, allowing the gang to get into the BBC network, deploy malware and extort the corporation.
The financial offer escalated aggressively, with Syn suggesting that the correspondent could receive 25% of a ransom calculated as a percentage of the BBC's total revenue.
To establish trust, Syn provided a link to Medusa's darknet address and pointed to previous alleged successes.
He named a British medical company and an emergency services provider in the United States as examples of where insider deals had allegedly contributed to attacks.
After several days of conversation, Tidy's attempt to stall for time to consult internal security experts triggered a radical shift in the criminals' tactics.
The previously conversational Syn became impatient, demanding immediate action and trying to apply pressure with taunts about a future life on the beach.
This verbal pressure quickly turned into a direct technical attack, as Tidy's phone was suddenly flooded with two-factor authentication pop-ups.
This method, known as MFA bombing, in which attackers spam login requests in the hope that the victim will accidentally approve one, turned the situation from distant negotiations into an alarming, direct confrontation.
The BBC correspondent had to disconnect completely from all BBC systems as a precaution.
The criminals' subsequent communication was strangely apologetic, but they maintained that the original deal was still available.
“The team apologizes. We tested your login page for the BBC system and are sorry if it caused you any problems,” they said.
The incident ended with the hackers ultimately deleting their account after receiving a further answer.
While Tidy did not have the high-level access the criminals mistakenly assumed he possessed, the episode serves as a chilling case study of how cybercriminals now combine financial incentives with aggressive technical coercion to achieve their goals.
Organizations should therefore treat such approaches with skepticism and ensure that staff can quickly report unusual contact.
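
One way a security team could spot the MFA bombing described above, shown as an added example that is not part of the original article: the Python code below flags users who receive a burst of unapproved push prompts, and marks the cases where an approval follows the burst. The log layout, the user names and the threshold of 5 prompts in 10 minutes are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log (hypothetical users and layout):
# "ISO timestamp,user,result", result is timeout, denied or approved.
SAMPLE_LOG = """\
2025-01-10T22:01:05,reporter01,timeout
2025-01-10T22:01:40,reporter01,timeout
2025-01-10T22:02:10,reporter01,denied
2025-01-10T22:02:45,reporter01,timeout
2025-01-10T22:03:20,reporter01,timeout
2025-01-10T22:03:50,reporter01,approved
2025-01-10T09:00:00,editor02,denied
2025-01-10T09:46:00,editor02,approved
2025-01-10T14:00:00,analyst03,timeout
2025-01-10T14:01:00,analyst03,timeout
2025-01-10T14:02:00,analyst03,timeout
2025-01-10T14:03:00,analyst03,timeout
2025-01-10T14:04:00,analyst03,timeout
"""

def parse(log):
    events = []
    for line in log.strip().splitlines():
        ts, user, result = line.split(",")
        events.append((datetime.fromisoformat(ts), user, result))
    return sorted(events)  # chronological order across all users

def find_push_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Flag users with `threshold` or more unapproved pushes inside `window`."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved pushes
    alerts = {}
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:  # drop pushes older than the window
            q.popleft()
        if result in ("timeout", "denied"):
            q.append(ts)
            if len(q) >= threshold:
                a = alerts.setdefault(user, {"pushes": 0, "approved_after_burst": False})
                a["pushes"] = max(a["pushes"], len(q))
        elif result == "approved":
            # An approval straight after a burst is the outcome the attacker wants.
            if len(q) >= threshold:
                alerts[user]["approved_after_burst"] = True
            q.clear()
    return alerts

if __name__ == "__main__":
    print(find_push_bursts(parse(SAMPLE_LOG)))
```

An alert with `approved_after_burst` set is the case to treat as a likely compromised session rather than a nuisance.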