Last year several reports revealed that privileged users were the riskiest in organizations. Researchers have now established yet another troublesome tendency – an increase of employees turning into insider traders. Apparently, dark web marketplaces have seen an abundance of insiders offering help, information or access to their companies’ networks. Of course, all of this is done for money.
Insider threats have doubled from 2015 to 2016
Researchers from InSights and RedOwl have been analyzing posts on several dark web forums. They found out that discussions and insider outreach almost doubled from 2015 to 2016:
The dark web has created a market for employees to easily monetize insider access. Currently, the dark web serves as a vehicle insiders use to ‘cash out’ on their services through insider trading and payment for stolen credit cards.
The researchers were able to sneak into several of those forums, such as the Insider Trading KickAss marketplace. The latter is a subforum, active for almost a year. There’s a membership fee of 1 BTC, and the admins are very picky about new members. Membership require the newcomer to prove their capabilities and/or access to the specific data by sharing real inside information. The information is then submitted to thorough checks and confirmation, as explained by the researchers.
The forum appears relatively active with approximately five posts per week and a total of 40 BTC in transactions (approximately $35,800). According to the group’s manager, there are members who make more than $5,000 USD a month using the leaked information.
Besides valuable inside information, dark web forum admins are also looking for chain store cashiers that could assist them in buying iPhones with stolen credit cards. Logically, the cashiers are rewarded for not flagging the transaction as potentially fraudulent. Other criminal demands include outreaching other store employees for acquiring customers’ payment card details.
Another example illustrates fraudsters contacting a bank employee to help them plant malware onto the bank’s network. This would grant criminals continuous access to systems that deal with transfers.
What should organizations do to minimize the risk of corporate insider threats?
Organizations should prioritize internal discipline. Consistent corporate security policies should first be carefully created, and then maintained thoroughly. Employees should be trained to care about security and privacy. Of course, there should be strict penalties corresponding to illegal behavior on behalf of employees.
There should also be proper technology and security teams that should constantly be on the lookout for suspicious employee activities, researchers conclude.