Being stung by a honeytrap is a constant security threat

Westminster in London has been abuzz over the last few weeks with chatter about one thing - a honeytrap scandal involving members of parliament, political aides and national journalists.

As more and more members of the establishment have come forward, the story has continued to dominate the news. Those individuals have confirmed they were contacted by two people who, in some cases, enticed them to share explicit and compromising images of themselves.

The police are now investigating, and the case stands as a reminder that anyone in business, politics or any industry could be the target of a malicious threat actor who may use criminal means to obtain data, information or pictures - which could be used to blackmail victims. Their ultimate goal is not known, but their intelligence-gathering tactics are targeted and focused on one weakness - human nature. Whatever their aim, it has had a significant impact, which is at best embarrassing and at worst reputationally damaging.

According to G4S’s first-ever World Security Report, almost a quarter (24%) of the 1,775 Chief Security Officers (CSOs) who anonymously responded to the survey see socially engineered threats as the most genuine threat to their company over the next 12 months.

Respondents from the UK agree almost exactly (23%). 

It’s possible the bad actors may be state-sponsored, or they may be ‘subversives’ - a term which encompasses hackers, protesters and/or spies. 

Half of global companies (50%) anticipate the threat from this group will soar compared to a year ago (39%). Two in five (40%) UK-based CSOs believe subversives will target them.

Once someone has fallen victim to a ‘honeytrap’ or socially engineered attack, there is an increased likelihood of them becoming an insider threat to their organisation. Security threats committed by employees or subcontractors are already on the rise, a further finding from the World Security Report revealed.

Someone being blackmailed may, out of fear, become a begrudging ‘knowing insider’ and use their authorised access to obtain unauthorised information. It’s likely they then have to leak this to appease the criminal coercing them and prevent their secrets becoming public knowledge.

As seen in Westminster’s honeytrap case, the ‘knowing insider’ may share contact details of colleagues and contacts - which in turn could increase the number of ‘knowing insiders’ if these people fall foul of the entrapments the threat actor is setting.

What is so concerning about events like this is the insidiousness of the threat actors’ reach, and not knowing what information they are desperate to obtain. The first person they target and turn may just be the weak spot and gateway to reaching their ultimate target.
Noah Price, G4S Academy International Director
“‘Honeytraps’ have the potential to become like black holes - drawing in more and more people who are collateral damage. Another way to describe it is like dominos. If every 1 domino is connected to 2 more, you soon have a whole network of links. It takes just one small push to send the whole set tumbling, taking others down with them.”

Concluding, Noah said: “In a more connected world, we all need to be alert to the possibilities of cyber threats that impact physical security. Everyone must remain vigilant to unsolicited contact or suspicious links and report them to the appropriate business department, or block unknown contact details.”
 