Tiger Raids were once the tool of high-end criminal gangs looking to steal large sums of money from organisations with enough security and defences to make a direct attack highly risky for the gang. Instead, the gang builds up a profile of key staff within the target organisation and then targets the staff member they believe to be of most benefit to them. The gang then attacks the staff member by holding their loved ones hostage. The staff member is told to go to work, take the cash and bring it back to the criminals, who in turn release the hostages. This type of attack gets its name from the way tigers are known to wait in long grass while stalking their prey.
This has proven to be an effective mode of attack and one that many organisations find hard to protect against. After all, the targeted staff member will value their loved ones’ lives more highly than the potential monetary loss to their employer and so will be highly motivated to succeed. The organisation has typically placed a lot of trust in the employee, who is now coerced into being the ultimate insider threat.
I have been noting with interest the trend in Tiger Raids over the past number of months. They are becoming more frequent and in some cases are clearly the work of copycats trying to emulate the success of more highly organised gangs. Today, 12th January, saw a new trend whereby not only is the sophistication of those carrying out the attacks decreasing but also, arguably, the profile of the target organisation. The manager of a fast food restaurant was forced to hand over an undisclosed sum of money as a result of such a raid.
What has this got to do with information security, you may ask? Well, quite simply, the modus operandi of a criminally motivated attacker to get information out of an organisation may also change. A typical information attack happens over the network: either directly, by compromising firewalls and other perimeter defences, or by sending well-crafted emails to lure the recipient into clicking on an attachment or a link, resulting in malicious software being installed.
As our network perimeters become, hopefully, harder to penetrate, perhaps the next step in information extraction is to use tiger raids to wrest vital information out of organisations by targeting the soft target that employees present. It may be worthwhile considering who would be the most likely target for such an attack in your organisation and adjusting your incident response plan to cover this potential threat. Those staff should also be coached in how to identify if they are being targeted and what to do if they do become victims of such an attack, including how to alert others that they are working under duress.
Who knows? Today senior managers are the victims of Tiger Raids; tomorrow it could be the network administrator.