CHECK Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd and a leading provider of cyber security solutions globally, warned that not only hacking tools, threats, weapons, drugs, stolen personal information and login credentials are traded on the darknet.
Various insiders and hacker groups are also offering their services to cybercriminals looking for collaborators to help them attack organizations from the inside.
The darknet is attractive to cybercriminals because of its near-perfect anonymity, making it an ideal space for finding collaborators to offer illegal employment opportunities.
Many offers are targeted at insiders, those with knowledge of and those who have access to sensitive systems, who can help cybercriminals penetrate protected networks.
While we think that with the advancement of cyber tools, insider businesses will diminish, we have observed that during the last two years, they continue to flourish in the darknet.
Job offers on the darknet
“Cybercriminals often use specialized forums and marketplaces on the darknet to post job offers. These can attract tech-savvy users who are disenchanted with the traditional job market or are willing to go beyond the law for financial reward. Offers can range from hacking and data theft to malware deployment and ransomware campaigns.
“Hacker groups expect insiders to provide access to target systems, assist in overcoming security measures and provide useful information for a successful attack, or even attempted physical sabotage,” said Threat Intelligence Group Manager at Check Point Research, Sergey Shykevich.
Finding insiders
Insiders are valuable to cybercriminals because they can access critical information and weaken security measures from the inside.
Cybercriminals often entice individuals with lucrative financial incentives for collaboration, sometimes even offering specialized training to maximize the extent of harm caused. This may include instructions on installing malware or disrupting the security systems of employers.
There are dozens of similar offers on the darknet. These advertisements are frequently from Russia or the Commonwealth of Independent States.
Hiring an insider is expensive and dangerous, which is why cybercriminals target lucrative industries and large companies in these cases. For example, the financial, telecommunications or technology sectors are popular targets.
However, it is not just cybercriminals looking for collaborators on the darknet, insiders are also proactively offering their services. For example, an employee of a major mobile operator in Russia offered SIM card swapping and other illegal services.
There are many similar advertisements also for the US telecommunication operators. Insider services from the financial sector and the world of cryptocurrencies are also popular. The technology sector has faced the threat of insiders.
However, no sector is exempt from risk as advertisements relating to the shoe and fashion trade have shown.
Cybercrime organizations in Russia and Eastern Europe monitor insider networks in various organizations. However, some of them also offer their insiders who provide illegal or at least dubious services in other countries.
One notable insider is hacker Videntis, who maintains a catalog of over 11 pages offering various insider-related services.
Among some of the common services are finding a mobile number for 2,500 roubles (RM133.65) within 48 hours, listing calls and SMS within 72 hours for 25,000 roubles or forwarding calls from a specific number for 19,000 roubles.
Others involve specific Russian banks. For 8,000 roubles, it is possible to uncover a secret password within 72 hours or obtain a statement from any account for 9,000 roubles.
For US$900 (RM4,243), a hacker can block any user’s WhatsApp, a SIM card with any operator, or for US$850, block any personal Instagram or TikTok account within seven to 30 days.
Some services are more versatile, such as confirming vaccinations abroad or creating health documents for travel.
Profitable deal
Engaging with cybercriminals as insiders carries significant risks, including the potential for criminal prosecution and damage to one’s professional reputation. Despite these risks, there are corresponding rewards. However, for some individuals, the primary motivation may be driven by a desire for revenge.
The reward may be in the form of a direct payment or a share of the profits from the stolen data. In some cases, rewards may be contingent on the success of the attack or the amount of data recovered.
For example, the infamous hacker group Lapsus$ sought insiders within telco companies and offered rewards. Another group offered between US$2,000 and US$5,000 to employees who had access to drivers at various food delivery services.
However, it is not uncommon for more substantial amounts, such as to insiders within technology companies.
The impact of attacks involving insiders can be devastating. According to the Ponemon Institute’s “Cost of Insider Threats Global Report”, the average cost per incident related to an insider in 2021 was estimated to be US$15.38 million.
This article is contributed by Check Point Research, a leading provider of cyber security solutions.
Comments: letters@thesundaily.com
