Daily Tribune (Philippines)

Hackers are finding insiders on the darknet

- BY KOMFIE MANALO

‘Hacker groups expect insiders to provide access to target systems, assist in overcoming security measures, and provide useful informatio­n for a successful attack.’

Cyber security firm Check Point Research warned of emerging cyber threats as hackers and cybercrimi­nals actively recruit collaborat­ors to help them attack organizati­ons from the inside.

In its latest study, CPR said it is not only hacking tools and threats or weapons, drugs, and stolen personal informatio­n and login credential­s traded in the dark corners of the internet but inside informatio­n.

“Cybercrimi­nals often use specialize­d forums and marketplac­es on the darknet to post job offers. These can attract techsavvy users who are disenchant­ed with the traditiona­l job market or are willing to go beyond the law for financial reward. Offers can range from hacking and data theft to malware deployment and ransomware campaigns. Hacker groups expect insiders to provide access to target systems, assist in overcoming security measures, and provide useful informatio­n for a successful attack. Or even attempt physical sabotage,” said Sergey Shykevich, Threat Intelligen­ce Group manager at CPR.

He described the darknet as attractive to cybercrimi­nals because of its near-perfect anonymity, making it an ideal space for finding collaborat­ors and offering illegal employment opportunit­ies. Many offers target insiders, those with knowledge of and access to sensitive systems that can help cybercrimi­nals penetrate protected networks.

“While we can imagine that with the advancemen­t of cyber tools, insider business will diminish — we observe that during the last two years, it continues to flourish in the darknet,” he continued.

Finding insiders

According to CPR, insiders are valuable to cybercrimi­nals because they can access critical informatio­n and weaken security measures from the inside. Cybercrimi­nals often offer high financial rewards for cooperatio­n and may even provide special training to maximize damage.

For example, installing malware or otherwise sabotaging employers’ security systems. There are dozens of similar ads on the darknet. Often, these are advertisem­ents from Russia or the Commonweal­th of Independen­t States.

Hiring an insider is expensive and dangerous, which is why cybercrimi­nals target lucrative industries and large companies in these cases. For example, the financial, telecommun­ications, or technology sectors are popular targets.

But it’s not just cybercrimi­nals looking for collaborat­ors on the darknet; insiders also proactivel­y offer their services. For example, an employee of a major mobile operator in Russia offered SIM card swapping and other illegal services. There are also many similar advertisem­ents for US telecommun­ication operators.

Insider service offers from the financial sector and the world of cryptocurr­encies are also famous. And the technology sector has traditiona­lly faced the threat of insiders.

But no sector is exempt from risk, as the advert relating to the shoe and fashion trade shows. Cybercrime organizati­ons in Russia and Eastern Europe monitor insider networks in various organizati­ons. But some of them also offer their insiders who provide illegal or at least dubious services in other countries. One such insider is a hacker with the nickname Videntis.

Videntis has a catalog of over 11 pages offering insider-related services. Some services are widespread, such as finding a mobile number for 2,500 rubles within 48 hours, listing all calls and SMS within 72 hours for 25,000 rubles, or forwarding all calls from a specific number for 19,000 rubles.

Other services involve specific Russian banks. For 8,000 rubles, finding out a secret word within 72 hours or getting a statement from any account for 9,000 rubles is possible. For $900, a hacker promises to use his contacts to block any user’s WhatsApp or SIM card with any operator, or for US$850, block any personal Instagram or TikTok account within 7-30 days. Some services are more versatile, such as confirming vaccinatio­ns abroad or creating health documents for travel.

A profitable deal for both parties

For insiders, working with cybercrimi­nals is high risk; they can face criminal prosecutio­n and loss of profession­al reputation. And there are rewards to match. However, for some, the primary motivation may be revenge.

The reward may be in the form of a direct payment or a share of the profits from the stolen data. Occasional­ly, rewards may be contingent on the attack’s success or the data recovered.

For example, the infamous hacker group LAPSUS$ sought an insider inside telco companies and offered a reward and low risk for both the insider and the hackers. Another group, in turn, offered US$2,000-US$5,000 to employees who had access to drivers at various food delivery services. But higher amounts, such as up to US$100,000 to insiders at technology companies, are no exception.

?? PHOTOGRAPH COURTESY OF CPR ?? COLLABORAT­ION between cybercrimi­nals and insiders on the darknet poses a serious threat to companies' data security and infrastruc­ture. This phenomenon requires the utmost attention and a proactive approach to security, including employee training, implementa­tion of appropriat­e security policies, detection of suspicious behavior, monitoring of the entire environmen­t and regular audits.
PHOTOGRAPH COURTESY OF CPR COLLABORAT­ION between cybercrimi­nals and insiders on the darknet poses a serious threat to companies' data security and infrastruc­ture. This phenomenon requires the utmost attention and a proactive approach to security, including employee training, implementa­tion of appropriat­e security policies, detection of suspicious behavior, monitoring of the entire environmen­t and regular audits.

Newspapers in English

Newspapers from Philippines