Delilah, discovered in 2016, is the first known "insider" threat trojan. Delilah spreads through social engineering and/or extortion, sometimes using ransomware techniques. The trojan is currently only shared through closed hacker groups. Diskin Advanced Technologies reports that the trojan is delivered to victims through downloads on popular adult and gaming sites. It gathers sensitive information on the victim to use later for manipulation or extortion. This trojan also has the capability to connect to webcam operations to film unsuspecting victims. Delilah requires the attacker to identify and prioritize victims who can be extorted into operating as insiders at the targeted organizations. The trojan appears to be a work-in-progress as it freezes victim workstations and displays error messages during certain functions. Organizations should prepare to see this type of threat evolve and increase as threat actors seek to obtain damaging and sensitive information for espionage and profit.
- July 2016: Gartner analyst reports on Delilah. (Gartner)