In a case highlighting the importance of removing access upon termination, a disgruntled employee wreaked havoc with his employer’s systems when he was terminated.
A former cloud engineer at a bank was terminated for violating company policies, including inappropriate laptop use. After he was fired, the employee went home and used a company issued laptop to launch attacks on the bank’s network. His sabotage included deploying malware, deleting code repositories, and impersonating colleagues. Despite being ordered to surrender the laptop, the employee resisted, providing several excuses as to why he couldn’t, including filing a false police report, alleging the laptop’s theft. He was eventually sentenced to two years in prison for causing over $220,000 in damages to his employer’s computer network and being ordered to pay over $500,000 in restitution. This case highlights the risks tied to disgruntled employees and underscores the need for swift security measures upon termination. You need to make sure that access is terminated or suspended as part of the separation process, regardless of whether company equipment has been returned.
https://www.bleepingcomputer.com/news/security/cloud-engineer-gets-2-years-for-wiping-ex-employers-code-repos/
https://www.theregister.com/2023/12/12/cloud_engineer_bank_prison
This segment was created for the It’s 5:05 podcast
https://505updates.com/2023-12-21-cybersecurity-and-open-source-headlines/