Darknet job exchange: Hackers are looking for renegade insiders

The Darknet is not only an exchange for illegal goods, but also a place where hackers look for new accomplices or disappointed company employees offer their services to criminal gangs as insiders.

This time, Check Point Research is putting the spotlight on the Darknet personnel scene. Not only are drugs, weapons, personal data, bank accounts, credit cards, hacking tools, malware and ransomware traded there, but renegade employees also offer their services as insiders, or hacker gangs look for such insiders as accomplices.

Hackers are looking for employees who spread malware or ransomware

Looking for an accomplice for a .de address (Image: Check Point Software Technologies).

“Cybercriminals often use specialized forums and marketplaces on the dark web to post job offers. These can attract tech-savvy users who have been disappointed by the traditional job market or are willing to break the law for financial reward.

The offers range from hacking and data theft to the distribution of malware and ransomware campaigns. Hackers expect insiders to provide access to target systems, help overcome security measures, provide useful information for a successful attack, or even attempt to physically sabotage a company,” explains Sergey Shykevich, Threat Intelligence Group Manager at Check Point Research.

High rewards and training for new accomplices

Job advertisement from an insider himself (Image: Check Point Software Technologies).

In order to attract the insiders, hackers offer high rewards and often even training for special purposes. Because of this, recruiting such insiders is often expensive and dangerous, which is why hackers in this case concentrate on large, rich and therefore lucrative industries or companies. Popular targets include the financial, telecommunications or technology sectors. However, there are dozens of such ads on the dark web. They often appear to come from Russia or the Commonwealth of Independent States (CIS).

Insiders offer illegal services

Offer from an insider to commit cryptocurrency fraud (Image: Check Point Software Technologies).

But it's not just hackers who are looking for colleagues on the Darknet; insiders themselves also advertise their services. An employee of a major Russian mobile operator offered SIM card exchange and other illegal services. There are also numerous similar offers on the Darknet regarding US telecommunications providers.

Insider offers from the financial sector and the world of cryptocurrencies are also popular – also in Europe.

Hacker gangs maintain insider networks

In Russia and Eastern Europe there are even hacker gangs that maintain insider networks in various companies. Some of them also offer their own insiders who offer illegal or at least questionable services in other countries. One of these insiders is a hacker nicknamed Videntis.

Videntis published a catalog of over 11 pages offering insider services. Some of these services are very common, such as searching for a cell phone number within 48 hours for 2500 rubles (26,07 euros), listing all calls and SMS within 72 hours for 25 rubles (000 euros) or forwarding all calls from a specific number for 260,68 rubles (19 euros).

Hackers offer contacts to various insider perpetrators

Other services relate to specific Russian banks. For 8000 rubles (83,42 euros) it is possible to find out a secret word within 72 hours or for 9000 rubles (93,84 euros) to get a statement of any account.

For 900 US dollars (826,83 euros), a hacker promises to use his contacts to block any user's WhatsApp account, block a SIM card with any provider within 7 to 30 days or for 850 US dollars (781,12 euros) to block a personal Instagram or TikTok account. Some services are more versatile, e.g. confirming vaccinations abroad or creating health documents for travel.

Collaborating with cyber criminals is highly risky for inside perpetrators: they can be prosecuted and lose their professional reputation. There are corresponding rewards for doing so, although for some the main motivation may simply be revenge. The reward can take the form of a direct payment or a share in the profits from the stolen data. In some cases, the reward may depend on the success of the attack or the amount of data captured.

Rewards possible up to $100,000

The Lapsus hacker gang specifically looked for insiders in telecommunications (Image: Check Point Software Technologies).

The infamous hacker group LAPSUS$ sought insiders in telecommunications companies and offered a reward at a low risk. Another group offered between $2000 (1837,93 euros) and $5000 (4594,82 euros) for employees who had access to drivers for various food delivery services. But higher amounts such as up to 100000 US dollars (91896,50 euros) for insiders in technology companies are no exception. The effects of such insider attacks can be devastating. According to the Ponemon Institute's Cost of Insider Threats Global Report, the average cost per insider incident rose to $15,38 million (€14,13 million) in 2021.

The collaboration between hackers and insider perpetrators on the Darknet therefore represents a serious threat to data security and the infrastructure of companies. This phenomenon requires the utmost attention.

About Check Point

Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.
