Spy Employee – An Insider Attack


Although many organizations are very enthusiastic about security measures such as ransomware prevention, they may ignore one key aspect of cyberattacks: insider threats.

Jeremy is a black hat hacker who was hired by Kiosk Technologies in its IT audit department. A rival of Kiosk Technologies offered him a handsome sum to act as a spy employee and carry out a major cyber-attack.

Right after joining the team, Jeremy studied the network and server infrastructure, where he found several loopholes. Within a month, he became familiar with the entire network architecture and planned a major data breach. He also investigated the office security and got the idea to enter the main office building outside official working hours. At midnight he entered the main office building through the emergency fire exit and went straight into the server room.

He was aware that the storage drives were self-encrypted. At first, he removed the cover of the desktop and disconnected the X-PHY® SSD. The X-Site Secure feature detected the change in the ambient light.

Recognizing the threat, the AI security engine immediately triggered the Motionlock to maintain the security of the X-PHY®. He then connected the SSD to a USB hub and the desktop with SATA and power cables.

He set up a Hot Plug Attack: he started to boot the desktop, swapped the SATA cable, connected the X-PHY® to his laptop, and kept the power on in an attempt to bypass the self-encryption of the data. The continuous AI real-time monitoring detected the illegal activity and the Power Lock feature was activated. It locked down the data at the firmware kernel level.

His attempts ultimately failed because the self-encryption drive keys saved in the security system management were wiped. It further triggered the 2-Factor Keycode under the X-Factor Encryption Lock feature to protect the data at a firmware level.

X-PHY Protection Method

1. The Motionlock within the X-Site Secure feature detects the change in the ambient light when the desktop cover is removed to disconnect the X-PHY®.

2. The AI real-time monitoring of the data operation at the kernel and firmware level detects the bypass trait and triggers the Powerlock feature to wipe the self-encryption drive keys saved in secure system management.

3. The X-Factor Encryption Lock feature triggers data lockdown to prevent the attacker from accessing the data and activates the Keycode 2-factor.

4. The X-PHY® enters safe mode and asks for the password to complete the 2-factor authentication.
