Last year ITV ran a drama series, Cleaning Up, starring Sheridan Smith as the main character Sam, a cleaner who gets embroiled in the financial world including insider trading - recording traders' conversations and phone calls. Even earlier, back in 1963, a British comedy film, Ladies Who Do, starring Peggy Mount, Robert Morley and Harry H Corbett, was based on cleaners who stole tips from wastepaper baskets.
So it’s not a new idea, and it should come as no surprise to find that criminal gangs are now planting ‘sleepers’ in cleaning companies so that they can physically access IT infrastructure and insert USB sticks.
Shelton Newsham, lead officer for the Yorkshire and Humber Regional Cyber Crime Team, told an audience at a SINET conference how organised crime groups are adopting the ruse, as there tends to be no audited vetting of cleaners. They are also using other trades, and leaving USB sticks lying around still works.
Jake Moore, cyber-security specialist at ESET, commented to SC Media UK: “Cyber security can be very easily undermined if there is poor physical security alongside it. It’s best to bolster both of these bases of security to maximise protection as without one, the other is flawed. However, this message is difficult to get into the board room sometimes - especially once the price tag is seen.
“The best way to realise a business’ own flaws is to conduct a basic penetration test that involves both physical and cyber-threat vectors, and this will easily highlight where those risks lie. It would be arrogant to think that your business does not have weaknesses, so it is best to test these out using red team professionals who will acknowledge any weak points that need addressing.”