Hijacked Hillary

Offender Profile:

Hillary fell victim to a spear phishing attack and her account credentials are now in the hands of a cyber-criminal named Boris.

Alleged Behavior:

  • Looks for plain-text passwords and other files that hold credentials, like scripts
  • Tries to elevate privileges
  • Attempts to access other computers on the network using Hillary’s identity
  • Downloads recon tools and malware to help find sensitive data
  • Exfiltrates data via FTP or HTTP, or even DNS

The Verdict:

We can identify network logon events from Hillary that don't come from her usual IP addresses and occur at odd times. We can detect unusual activity on password files and scripts, and when binaries are put in odd places. We can detect the presence of recon tools and malware on network drives. Since Hillary's account has been hijacked, this behavior deviates from her normal file and email access patterns, and triggers Varonis' alerts.
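As an added illustration (not Varonis' detection logic and not code from this page), the sketch below shows the first check in the verdict: build a per-user baseline of source IPs and logon hours, then flag logons that deviate from it. The log tuples, account names, IP addresses and the one-hour slack are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: (user, source IP, ISO timestamp). Not real logs.
HISTORY = [
    ("hillary", "10.1.4.23", "2024-03-04T08:55:00"),
    ("hillary", "10.1.4.23", "2024-03-05T09:10:00"),
    ("hillary", "10.1.4.57", "2024-03-06T13:30:00"),
    ("hillary", "10.1.4.23", "2024-03-07T17:45:00"),
]
NEW_EVENTS = [
    ("hillary", "10.1.4.23", "2024-03-08T09:05:00"),     # usual IP, usual hour
    ("hillary", "10.1.4.23", "2024-03-09T02:40:00"),     # usual IP, odd hour
    ("hillary", "10.9.8.77", "2024-03-09T03:12:00"),     # new IP, odd hour
    ("svc-backup", "10.9.8.77", "2024-03-09T03:15:00"),  # account with no history
]

def build_baseline(history, hour_slack=1):
    """Per user: known source IPs and the range of logon hours, widened by slack."""
    ips, hours = defaultdict(set), defaultdict(list)
    for user, ip, ts in history:
        ips[user].add(ip)
        hours[user].append(datetime.fromisoformat(ts).hour)
    # Simplification: a single same-day hour range, so shifts that wrap midnight
    # would need a different model.
    return {u: {"ips": ips[u],
                "first": max(min(hours[u]) - hour_slack, 0),
                "last": min(max(hours[u]) + hour_slack, 23)}
            for u in ips}

def score_logon(baseline, event):
    """Return the reasons an event deviates from the user's baseline (empty if none)."""
    user, ip, ts = event
    profile = baseline.get(user)
    if profile is None:
        return ["no_baseline"]  # unknown account: surface it rather than pass it
    reasons = []
    if ip not in profile["ips"]:
        reasons.append("new_source_ip")
    hour = datetime.fromisoformat(ts).hour
    if not profile["first"] <= hour <= profile["last"]:
        reasons.append("odd_hour")
    return reasons

def triage(history, events):
    """Return (event, reasons) pairs for every event that deviates."""
    baseline = build_baseline(history)
    return [(e, r) for e in events if (r := score_logon(baseline, e))]

if __name__ == "__main__":
    for event, reasons in triage(HISTORY, NEW_EVENTS):
        print(event, reasons)
```

An event that trips both reasons at once, like the third constructed logon, is the combination the verdict describes and deserves the highest triage priority.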
