• Home
  • /Learn
  • /Rogue Cleaners: “Sleepers” planted among cleaning staff
background image


Rogue Cleaners: “Sleepers” planted among cleaning staff


Across the pond, UK police department, Yorkshire and Humber Regional Cyber Crime is urging businesses to strengthen their physical security measures as reports of “sleepers” among cleaning staff have been reported in affiliation with waves of cybercrime indicated in various organizations.

Criminal cyber gangs have been reported as planting “sleepers” in cleaning companies to give them convenient physical access to IT infrastructure in target business organizations. Shelton Newsham, who manages the Yorkshire and Humber Regional Cyber Crime Team in North East England, UK, issued a stern warning to the audience at the SINET cybersecurity event in London, England that he and his team had been seeing evidence indicating a “much larger increase in physical security breaches” as cyber criminals expand their attack vectors to diversify their attack surface.

In his warning, Newsham cast light on the very real risk of staff exploitation being a key factor in the calculated success of these organized crime groups.

“Organized crime groups are planting ‘sleepers’ in cleaning companies that a procurement team may look at bidding for. There’s no way of auditing their vetting. They’ll also use people in painting and decorating firms; anyone who has out-of-hours access to a building is fair game.”

Shelton Newsham, Yorkshire and Humber Regional Cyber Crime Team

Newsham mentioned a resurgence of ‘USB drops’, referring to a technique of a malware infected USB stick, cleverly left in opportune sites in and around business locations in hopes a curious staff member will pick it up and plug it in. Such items are typically labelled in a distinct fashion to pique a curious employee’s interest. “Payroll” or “Classified” for example, could possibly be written across these tiny devices. While this method is quite often successful, it pales in comparison to the success rate of direct physical access of a hacker, or affiliate of.

Once a rogue cleaner, who may well be a hacker themselves or working for one, is hired, they will bide their time and wait for the opportune moment to plug something in, or possibly remove something altogether in support of their objective.

Solving the Problem

In order to combat such threats, it is very important to deploy more stringent building access policies, secure all systems with strong passwords, complete with a second factor of authentication and set up networks in layers to mitigate the potential risks involved. In addition, employees of all businesses should be more cautious of who is wandering around their workplace premises and remain suspicious of someone who may appear to be acting unusual or attending to behaviour that appears to be outside of their work duties. Nurturing a culture of security in your organization is the best approach to stay protected from the dangers presented by physical attacks.

It must be expected that cyber-criminals are conspiring on a daily basis, discussing their motives, intentions and refining their tactics to accomplish their objectives. Many security teams may only be meeting on a weekly basis, or even monthly so it becomes impossible to keep up with the defense requirements with any level of efficiency. Further, when things go south, due to the breach reporting laws enforced by PIPEDA and GDPR, many organizations choose to hide their concerns from authorities. This is not a good approach.

Our Specialty

In response to all threat’s cybersecurity, Packetlabs has developed what we consider to be an organizations’ best bet when it comes to approaching cybersecurity through the eyes of an attacker. As demonstrated above, hackers are opportunistic in their approach. If cybercriminals do not limit their avenues of attack, it would make very little sense not to explore and analyze each of the opportunities they could potentially use against a target organization. This is where objective-based penetration testing (OBPT) comes in.

An objective-based penetration test takes conventional penetration testing to the next level by assessing the security within your organization through a simulated cyber-attack. In these engagements, rather than defining a set scope of specific targets, our team of specialists works closely with each security team to define objectives to learn what is important to each client’s unique environment. In this approach, our team can approach a target with the same perspective as an attacker might, leaving no stone unturned.

In an objective-based penetration test, Packetlabs will attempt to achieve each of the defined objectives by using the most advanced tactics to find the weakest links. The primary goal of this type of testing is to evaluate the overall security of your organization, as well as the incident response process.

Beyond the standard penetration test, an objective-based penetration test explores a three-pronged approach, just as a cyber-criminal would, assessing the people, processes and technologies in place. If you would like to learn more about how Packetlabs can help your organization stay ahead of cybercrime, please contact us for more information.