- HEADLINES
- GLOBAL GOALS
- NEWS
- ACTION
- LIFE
- COMMENTARY
- BUSINESS
- DYARYO TIRADA
- SNAPS
- AIF
- MORE
Cyber security firm Check Point Research warned of emerging cyber threats as hackers and cybercriminals actively recruit collaborators to help them attack organizations from the inside.
In its latest study, CPR said it is not only hacking tools and threats or weapons, drugs, and stolen personal information and login credentials traded in the dark corners of the internet but inside information.
“Cybercriminals often use specialized forums and marketplaces on the darknet to post job offers. These can attract tech-savvy users who are disenchanted with the traditional job market or are willing to go beyond the law for financial reward. Offers can range from hacking and data theft to malware deployment and ransomware campaigns. Hacker groups expect insiders to provide access to target systems, assist in overcoming security measures, and provide useful information for a successful attack. Or even attempt physical sabotage,” said Sergey Shykevich, Threat Intelligence Group manager at CPR.
He described the darknet as attractive to cybercriminals because of its near-perfect anonymity, making it an ideal space for finding collaborators and offering illegal employment opportunities. Many offers target insiders, those with knowledge of and access to sensitive systems that can help cybercriminals penetrate protected networks.
“While we can imagine that with the advancement of cyber tools, insider business will diminish — we observe that during the last two years, it continues to flourish in the darknet,” he continued.
Finding insiders
According to CPR, insiders are valuable to cybercriminals because they can access critical information and weaken security measures from the inside. Cybercriminals often offer high financial rewards for cooperation and may even provide special training to maximize damage.
For example, installing malware or otherwise sabotaging employers’ security systems. There are dozens of similar ads on the darknet. Often, these are advertisements from Russia or the Commonwealth of Independent States.
Hiring an insider is expensive and dangerous, which is why cybercriminals target lucrative industries and large companies in these cases. For example, the financial, telecommunications, or technology sectors are popular targets.
But it’s not just cybercriminals looking for collaborators on the darknet; insiders also proactively offer their services. For example, an employee of a major mobile operator in Russia offered SIM card swapping and other illegal services. There are also many similar advertisements for US telecommunication operators.
Insider service offers from the financial sector and the world of cryptocurrencies are also famous. And the technology sector has traditionally faced the threat of insiders.
But no sector is exempt from risk, as the advert relating to the shoe and fashion trade shows. Cybercrime organizations in Russia and Eastern Europe monitor insider networks in various organizations. But some of them also offer their insiders who provide illegal or at least dubious services in other countries. One such insider is a hacker with the nickname Videntis.
Videntis has a catalog of over 11 pages offering insider-related services. Some services are widespread, such as finding a mobile number for 2,500 rubles within 48 hours, listing all calls and SMS within 72 hours for 25,000 rubles, or forwarding all calls from a specific number for 19,000 rubles.
Other services involve specific Russian banks. For 8,000 rubles, finding out a secret word within 72 hours or getting a statement from any account for 9,000 rubles is possible. For $900, a hacker promises to use his contacts to block any user’s WhatsApp or SIM card with any operator, or for US$850, block any personal Instagram or TikTok account within 7-30 days. Some services are more versatile, such as confirming vaccinations abroad or creating health documents for travel.
A profitable deal for both parties
For insiders, working with cybercriminals is high risk; they can face criminal prosecution and loss of professional reputation. And there are rewards to match. However, for some, the primary motivation may be revenge.
The reward may be in the form of a direct payment or a share of the profits from the stolen data. Occasionally, rewards may be contingent on the attack’s success or the data recovered.
For example, the infamous hacker group LAPSUS$ sought an insider inside telco companies and offered a reward and low risk for both the insider and the hackers. Another group, in turn, offered US$2,000-US$5,000 to employees who had access to drivers at various food delivery services. But higher amounts, such as up to US$100,000 to insiders at technology companies, are no exception.
