Attackers are using a new piece of malware to record employees' private moments, in order to manipulate staff into leaking company secrets.
According to Gartner fraud analyst Avivah Litan, the malware, which is dubbed 'Delilah', has earned the title of the world's first insider threat trojan since it allows its operators to capture sensitive and compromising footage of victims, which can then be used to extort the victim or convince them to carry out actions that would harm their employer.
Details of Delilah were shared with Litan by Israeli threat-intelligence security firm Diskin Advanced Technologies (DAT). The firm reported that the malware is being delivered via multiple popular adult and gaming sites. It's not clear from Litan's report whether the attackers are using social engineering or software vulnerabilities to install the malware.
"The bot comes with a social engineering plug in that connects to webcam operations so that the victim can be filmed without his or her knowledge," Litan said. "Once installed the hidden bot gathers enough personal information from the victim so that the individual can later be manipulated or extorted. This includes information on the victim's family and workplace."
The attackers are also using encrypted channels, such as VPN services and Tor, to communicate with victims. Litan notes that, unlike a lot of automated ransomware, the Delilah bots require a high level of involvement by human operators in order to identify the right candidates to recruit.
Litan issued an alert last month claiming that more Gartner clients were reporting concerns about insider threats and that employees were being actively recruited by criminals operating on the so-called Dark Web.
According to Litan, the recent rise in concerns over insider threats is due to how easy it is for disgruntled employees to advertise their access to sensitive data on a Tor-encrypted website and then hook up with a highly competitive market of criminals who "even bicker amongst themselves for control and ownership of a trusted insider".
However, in the case of Delilah, the bad guys are using ransomware techniques to recruit potential insider threats. DAT reports that the malware is still buggy and produces error messages when the webcam function is activated. Also, the malware causes monitors to freeze due to the number of screenshots it is taking.