Network insiders are being recruited by cybercriminals. The crooks recruit the insiders to gain access to telecommunication networks. Criminals often target disillusioned employees or use blackmail. It’s a dangerous trend, considering the large amount of data that telecommunication agencies have on their customers.
How Do Crooks Recruit the Insiders?
In a recent study by Kaspersky Lab showed that cybercriminals often target employees of large telecommunication companies.
„Using publically available or previously stolen data sources to find compromising information on employees of the company they want to hack. Then, they blackmail targeted individuals – forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear-phishing attacks on their behalf.“
Even publically available data-dumps like the ones from the Ashley Madison breach from 2015 can be used.
Some insiders join the criminals voluntarily. A worker can be either disillusioned with the company he’s working for, or simply desire to make some extra money on the side. The result is the same. This type of scheme can lead to corporate espionage and theft of personal information. That often happens on underground forums or even by direct communication with the employee by social media sites like Facebook, Twitter, and Google+.
How Dangerous Are These Attacks?
According to Kaspersky, 38% of targeted attacks are now achieved with the help of people inside the attacked entity. This trend in the world of cybercrime can prove very dangerous. Right now, there are a lot of data dumps floating around the Internet, which can be used for blackmail. Insiders will be a thing companies are going to have to get used to, unless they employ some protective measures. Like educating their staff about cyber-security, be more careful to whom they’re giving security clearance, and, last but not least, threat their employees well. Disillusionment with the company is probably the biggest factor when a worker turns to cybercrime. Low wages can also play a big part in the decision of an employee to work against his/her employers. Sadly, cybercrime pays, often it pays a lot. This is pretty bad for companies, but it also affects users, as their personal information is the goal of the attacks. Just think of how much information telecommunications companies have of their users. Addresses, Names, telephone numbers. That information can be very dangerous if it falls into the wrong hands. It’s what started a lot of the blackmail recruitment from cybercriminals.