Increasingly, attackers are targeting the most vulnerable people inside companies and exploiting their weaknesses.

SAN FRANCISCO – Companies keep watchful eyes on disgruntled employees who are insider threat risks. But Code42’s CISO Jadee Hanson said distraught employees, who are particularly vulnerable to outside ploys, should be equally scrutinized.

Hanson said factors such as terminal illnesses, divorce or personal tragedies can be used against employees by attackers in the form of phishing emails that contain risky attachments and links. She said more companies are now trying to identify these “high risk” employees before external attackers do.

“If I can get the person in the finance department of a company to wire money to someone because I’m preying off of something that is going wrong in her life, and I’m threatening to tell her boss, that’s a much higher payoff to me than sending the mass phishing attack to everybody in the company,” Hanson told Threatpost in an interview at the RSA Conference 2019 last week.

She said adversaries are combing through social media and any other type of conversation thread they can get their hands on to find a target who may be contributing to a survivor or support message board.



** What follows is a transcript of the interview **

Tom Spring: Hi. We’re here at Broadcast Alley at RSA Conference in San Francisco, and I’m joined by Jadee Hanson with Code42. Jadee, please introduce yourself.

Jadee Hanson: I’m Jadee Hanson. I’m the CISO at Code42 and also lead our IT team.

Tom Spring: Well, Jadee, welcome to Threatpost Broadcast Alley. I was really intrigued by our last conversation when we were talking about different types of cybersecurity as it pertains to not just firewalls but more specifically towards insider threats and the unique ways that the adversaries are exploiting insider threats, which I honestly hadn’t considered until you shared them with me. Can you talk a little bit about your insider threat perspective and some of the new threat landscapes you’re seeing there?

Jadee Hanson: Absolutely. Yeah. You know, from a security perspective, we’re very focused on the external actor and sometimes lose sight of the internal threat that we should be all aware of. There was something that was just released this week on the Verizon data breach report talking about the rise of the insider threat issues and classifying them as either malicious or non-malicious, and it’s fascinating.

We like to think that all the employees that we work with love where they work and wouldn’t do anything to harm our company. However, we’ve seen it play out how insiders and how employees of companies absolutely take advantage of the companies that they work for.

Tom Spring: You know what is interesting, though, was what you were talking about when it comes to adversaries taking advantage of people’s, I don’t know, for lack of a better term, psychological vulnerabilities.


Shippers, retailers and restaurants are experimenting with robots, drones and self-driving cars in a bid to use automation to drive down the high cost of delivering gadgets, groceries and even cups of coffee the “last mile” to consumer doorsteps.

FedEx is teaming up with DEKA Development & Research Corp, whose founder Dean Kamen invented the Segway stand-up scooter and iBot stair-climbing wheelchair, for its project. The delivery company said the robots could become part of its SameDay service that operates in 1,900 cities around the world.


The battery-powered robots look like coolers on wheels. Cameras and software help them detect and avoid obstacles as they roam sidewalks and roadways at a top speed of 10 miles (16 km) per hour.

The project must win approval in test cities, including the shipper’s hometown of Memphis, and the first deliveries will be between FedEx office stores.

On average, more than 60 percent of merchants’ customers live within three miles of a store location. FedEx said it is working with its partners, which also include AutoZone Inc and Target Corp, to determine if autonomous delivery to them is a viable option for fast, cheap deliveries.


The “last mile” to the home accounts for 50 percent or more of total package delivery costs. Restaurants pay third-party delivery companies like Uber Eats, DoorDash and GrubHub commissions of 10-30 percent per order.

Investors and companies are pouring millions of dollars into projects aimed at lowering those costs and overcoming regulatory hurdles. For safety reasons, many states want autonomous vehicles to have humans as emergency backup drivers.


U.S. officials recently detailed to The Washington Post an offensive cyber operation undertaken by U.S. Cyber Command, revealing how the military blocked Internet access to St. Petersburg’s Internet Research Agency on the day of the U.S. midterm elections last year.

“The operation marked the first muscle-flexing by U.S. Cyber Command, with Intelligence from the National Security Agency, under new authorities it was granted by President Trump and Congress last year to bolster offensive capabilities,” writes the Post’s Ellen Nakashima.

Military offensive cyber operations were just one of the important global issues that we discussed recently with Cipher Brief Expert Dr. James Miller, former Under Secretary of Defense for Policy from 2012-2014.

In a Cipher Brief Exclusive, we asked Dr. Miller to outline his biggest concerns when it comes to future global cyber challenges. Dr. Miller has spoken in the past at the International Conference on Cyber Engagement, being held this year on April 23, and hosted by Catherine Lotrionte and the Atlantic Council.

Status of Military Operations in Cyberspace – Cyber Deterrence and Military Offensive Operations

Miller: I’m focused on the status of military operations in cyberspace, both on a day-to-day basis, and including issues related to cyber deterrence. The Defense Science Board has done some work on that topic, and Cyber Command has laid out their new vision to achieve, and maintain, cyberspace superiority.

The discussion has changed over the last few months, and I think our allies and partners as well as our potential adversaries, would welcome a continued conversation on that topic. The United States needs to listen to our allies and partners, as well as the perspective of our potential adversaries, in understanding what that competition looks like, where the potential for escalation is and so forth.

International Norms

Miller: Something I’ve discussed a lot with Catherine Lotrionte, and something that she has focused on quite a bit during her past conferences, has been on the issue of international norms.

Again, there have been some interesting recent developments. The UN GGE (Group of Governmental Experts) did some good work several years ago. This past December, they adopted a resolution focused on advancing responsible state behavior in cyberspace. We also have the Paris Call for Trust and Security in Cyberspace, and there are additional works that have been underway by some of our allies and partners. I’ve been thinking about those norms both for governments and for the private sector and how they interact. On that thought, an extension of the Paris Call is the Cybersecurity Tech Accord, where the private sector is beginning to assert, in some pretty strong ways, what it will and won’t do. This is both a challenge and an opportunity for the United States.

Working with Allies and Partners on Cyber Defense

Miller: The topic of where we are right now in working with our allies and partners in cyber really intersects with the previous two issues.

There have been important recent developments including the last NATO summit with the opening of the Cyber Operations Center. If you think about this in the NATO context, for decades there were two pillars of NATO security: the conventional deterrent and the nuclear deterrent. Less than a decade ago, missile defense was added as a key component, and now cyber over the past six to eight years has begun to work its way into the defense strategy. Starting with the Cooperative Cyber Defense Center of Excellence in Tallinn, Estonia. And now it’s the Cyber Operations Center, which basically says, “Although NATO doesn’t have offensive cyber capabilities, nations can bring them in.”


We’ve all heard the proverb: Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime. Well now, threat actors don’t even have to exert the effort to phish to land business email accounts. 

According to an alert published earlier this year by the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) have caused $12 billion in losses since October 2013. Traditionally, social engineering and intrusion techniques have been the most common ways to gain access to business email accounts and dupe individuals into wiring funds to an attacker-controlled account. These methods play out as follows:

1. Social engineering and email spoofing: Attackers will use social engineering to pose as a colleague or business partner and send fake requests for information or the transfer of funds. These emails can be quite convincing as the attacker makes a significant effort to identify an appropriate victim and register a fake domain, so that at first glance the email appears to belong to a colleague or supplier. 

2. Account takeover: Here, attackers use information-stealing malware and key loggers to gain access to and hijack a corporate email account, which they then use to make fraudulent requests to colleagues, accounting departments and suppliers. They can also alter mailbox rules so that the victim’s email messages are forwarded to the attacker, or emails sent by the attacker are deleted from the list of sent emails. 
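An added example, not part of the original article: a defender-side check for the two methods above, flagging sender domains within a small edit distance of a trusted domain and mailbox rules that forward mail externally or delete from Sent Items. The domains, rule records and field names are constructed for illustration and do not follow any mail platform's schema.

```python
# Added example: constructed data and hypothetical field names throughout.
TRUSTED_DOMAINS = {"example.com", "supplier.example"}  # constructed

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(sender: str, trusted=TRUSTED_DOMAINS, max_dist: int = 2):
    """Return the trusted domain that the sender's domain imitates, or None."""
    domain = sender.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in trusted:
        return None  # exact match: a genuine colleague or supplier domain
    for t in sorted(trusted):
        if edit_distance(domain, t) <= max_dist:
            return t  # near miss: likely a registered fake domain
    return None

def risky_rules(rules, internal=TRUSTED_DOMAINS):
    """Flag rules that forward mail outside or delete from Sent Items."""
    findings = []
    for r in rules:
        for addr in r.get("forward_to", []):
            if addr.rsplit("@", 1)[-1].lower() not in internal:
                findings.append((r["name"], f"forwards externally to {addr}"))
        if r.get("action") == "delete" and r.get("folder") == "Sent Items":
            findings.append((r["name"], "deletes messages from Sent Items"))
    return findings

# Constructed sample mailbox rules for one account.
SAMPLE_RULES = [
    {"name": "Newsletters", "action": "move", "folder": "Inbox"},
    {"name": ".", "action": "forward", "forward_to": ["drop@mailbox.invalid"]},
    {"name": "cleanup", "action": "delete", "folder": "Sent Items"},
]

if __name__ == "__main__":
    for s in ("ap@example.com", "ap@examp1e.com", "ceo@suppiler.example"):
        print(s, "->", lookalike_of(s))
    for name, why in risky_rules(SAMPLE_RULES):
        print(f"rule {name!r}: {why}")
```

An edit-distance threshold of 2 suits long domain names; for short ones it should be lowered to avoid flagging unrelated domains.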

These techniques have served threat actors well for quite some time. But now we are seeing new, more expeditious methods emerge to gain access to business email accounts. Compromised credentials offered on criminal forums, exposed through third-party compromises, or left vulnerable through misconfigured backups and file-sharing services make it easier than ever to profit from BEC. Email inboxes are also being used not just to request wire transfers, but to steal financially sensitive information stored within these accounts or to request information from other employees. With declining barriers to entry for BEC, and more ways to monetize this type of fraud, we can expect the losses to continue to rise and perhaps even accelerate in the near term.

Here’s how these alternative methods work: