Computer security researchers have identified that there is an increasing rate of hackers looking for company insiders to help them break into corporate networks.
Company Insiders Recruited For Hacker Attacks
A new threat is lurking on the underground black markets. Security experts discovered a tendency for hackers to seek out company insiders to help them break into the corporate networks or sabotage the businesses. The dangerous recruitment methods have been investigated in a detailed report published by Red Owl and IntSights. According to them “organizations face asymmetric and unprecedented risks from insiders – employees and contractors who have valid access to enterprise networks”.
It appears that insiders are the cause for some of the most persistent cybersecurity attacks in the last few years due to two factors – the promise of significant financial gain and the ease of execution.
The researchers believe that the underground Dark Web has helped drive this threat with the following considerations:
Value of Action – The active underground black market allows such transactions to flourish.
Cost of Action – The hackers who are inexperienced can recruit more competent malicious actors to carry out the necessary intrusive actions.
Risk of Detection – The Dark Web increases malicious insider activity by providing the option of a lowered risk of detection.
Using covert techniques and in-depth search queries the team monitored insider activity and tracked the volume of references that are related to cybercrime over the past few years. A large spike was observed in the closing months of 2016. The researchers identified that insider trading is one of the most common crime planning activities.
Both recruitment and communication about attempted campaigns has been detected. The general trading activity is carried out it the bigger and more well-known communities, while information trade and the recruitment for more complex campaigns is usually done in private groups. Like other closed forums anyone who applies for access must prove their capabilities or access to the relevant knowledge by sharing real data from the target company that has to be verified.
An example post reveals that hackers recruit retail workers that have access to consumer credit card information. Using the stolen database from the business the hackers can conduct carding attacks – extraction of their money for personal profit. Other ways of using the compromised data is by purchasing various items (such as smartphones) and selling them on the black market. Other possible attacks can include the following:
Malware Infections – the insiders can plant malware directly into high-security networks of critical systems such as banks and financial institutions.
Sabotage – Deliberate sabotage of systems or the network as a whole.
For more information you can read the whole report available here.