Former sysadmin installs malware time bomb

Allegro MicroSystems LLC is suing a former sysadmin for allegedly installing a malware “time bomb” that deleted crucial financial data during the first week of the new fiscal year.

The defendant, Nimesh Patel, worked for Allegro for 14 years before resigning in January 2016. Allegro claims that three weeks later, on Sunday, January 31, Patel broke into the company’s grounds, gained access to the company’s network – using his access privileges as a senior IT administrator – and then installed malware that would eventually cause Allegro a reported $100,000 in damages.

Patel stole a laptop and sensitive info

Over the course of his employment with Allegro, Patel was issued with two laptops. After he resigned, the company requested them back – but Patel only returned one.

When Allegro discovered this, they again asked him to return the laptop. Instead, Patel returned an old personal laptop, having wiped the hard drive and operating system.

Patel kept the second laptop to access a database of the company employees’ usernames and passwords. Allegro claims that he returned to the company’s headquarters in Worcester, Massachusetts, so that he could be in range of the factory’s Wi-Fi network and install the “time bomb” onto the company’s Oracle finance module.

The malware was designed to execute a few months later, on April 1, 2016 – the first week of the fiscal year. When executed, it would “copy certain headers of pointers to data into a separate database table and then […] purge those headers from the finance module, thereby rendering the data in the database worthless.”

Laptop’s electronic fingerprint left at the scene

The software worked as designed, and after the accounting department noticed something was wrong, Allegro called in investigators. It took them 10 days to discover how the malicious code worked and stop it.

The code was eventually traced back to the laptop Patel had been allowed to keep, thanks to the electronic footprint it left on the network.

In a complaint filed by Allegro, the company said that “defendant Patel knew that his sabotage of the finance module on the first week of the new fiscal year had the maximum potential to cause Allegro to suffer damages because it would prevent Allegro from completing the prior year’s fiscal year-end accounting reconciliation and financial reports.”

Allegro claims the attack cost it $100,000. It’s seeking to recover these costs, plus its legal bills and damages to court levies, from Patel.

Mitigate the risks of insider threats with ISO 27001

Employees turning against their current or former employer should be a major security concern for organizations, not least because there’s no obvious way of spotting who may be a threat. Recently fired personnel or ‘disgruntled’ employees are prime candidates to commit revenge attacks, but opportunism, unintentional mistakes, or financial gain are other common factors.

Alan Calder, founder and executive chairman of IT Governance, says: “The insider threat is a big part of the information security challenge that organizations face. [The] underlying message is that in order to prevent this from happening, companies must educate staff, enforce effective policies and procedures, and manage access control.

“ISO 27001 should be the default standard that organizations turn to when addressing the insider threat and other issues.”

You can learn more about how ISO 27001 can mitigate the risk of insider threat from Alan Calder by reading his introductory guide, The Case for ISO 27001:2013. Ideal reading for anyone unfamiliar with the many benefits of ISO 27001, the guide shows you how the Standard can help organizations fight cyber crime, combat cyber terror, and improve corporate governance.
