GitLab hacked their own remote-working staff in a phishing test
Ever since the world went into lockdown due to the coronavirus pandemic, working from home has become a regular feature for many tech companies. Working from the office has become almost impossible, so big companies like Google, Facebook, Twitter, etc. are asking their employees to work from home. This has also increased the risk of phishing and insider threats for these big tech companies. An attacker who gets into an employee's laptop without the employee's knowledge can access the company servers and leak confidential information.
GitLab is one of the top repository hosting platforms. Headquartered in San Francisco, United States, it makes web-based software development tools that center on the Git distributed version control system. The company was founded by Ukrainian Dmitriy Zaporozhets and Dutch citizen Sid Sijbrandij.
It has had staff working from home since the lockdown began in the United States and other countries. It has about 1300 employees in various positions working in 67 countries across the globe.
To check the safety of its remote staff against hacking attempts, GitLab carried out a targeted phishing campaign against its own remote-working staff. GitLab’s security team said it selected 50 staff at random and sent them a targeted phishing email claiming to be a legitimate laptop upgrade offer from the GitLab IT department. Staff were asked to click on a link to accept the offer and were directed to a web portal to log in.
Those who entered their credentials were redirected to an online corporate handbook that explains how to identify a phishing attack.
The results were surprising and a grim reminder of how risky remote working can be for tech companies. The GitLab-sponsored phishing attack was successful against 20 percent of the targeted GitLab employees. Nearly one-fifth of the employees targeted exposed their corporate login credentials. In all, 17 of the targets, or 34 percent, clicked on the link, while ten, or one-fifth, entered their credentials.
This data is startling not only for GitLab but for all companies using remote working to tide over the coronavirus pandemic. It remains to be seen how companies get their act together to fight this new hacking threat against them.
With remote working appearing to be a permanent solution for many big tech companies, the risks are already huge. Facebook and Shopify said last week they would adopt a formal policy of allowing staff to work remotely long-term, while HP Enterprise said it expects “at least” half of its employees never to return to an office setting.
GitLab’s own hacking of its remote employees is a good lesson for companies like Google, Microsoft, and others.