Organizations face asymmetric and unprecedented risks from insiders — employees and contractors who have valid access to enterprise networks. Insider risk is on the rise in part due to the growing influence of the dark web, a portion of the internet that enables anonymity. The dark web is being increasingly used by cybercriminals for recruiting insiders to help steal data, make illegal trades or otherwise profit.
RedOwl and IntSights collaborated to better understand how the dark web contributes to the increase of insider risk. By studying dark web forums focused on recruiting and collaborating with insiders, we found:
- The recruitment of insiders within the dark web is active and growing. We saw forum discussions and insider outreach nearly double from 2015 to 2016.
- The dark web has created a market for employees to easily monetize insider access. Currently, the dark web serves as a vehicle insiders use to “cash out” on their services through insider trading and payment for stolen credit cards.
- Sophisticated threat actors use the dark web to find and engage insiders to help place malware behind an organization’s perimeter security. As a result, any insider with access to the internal network, regardless of technical capability or seniority, presents a risk.
Using a combination of covert techniques and searching, researchers monitored insider activity on the dark web and tracked the volume of references to insiders in cybercrime forums over the past two years. Each individual post referencing insiders counted as a unique instance. Also, each post was reviewed by an analyst to validate that the references to insiders were in the right context. Over the course of two years, we saw approximately 1,000 references with a spike occurring in the closing months of 2016.
Our research identified some areas where insiders engage on the dark web:
- Insider trading (i.e., trading on information not available to the public at large).
- Selling credit card numbers stolen from retail sector employees.
- The “weaponization” of insiders by threat actors.
To combat the problem, risk management teams should join the growing number of organizations that are actively building insider threat programs. Ironically, 80 percent of security initiatives focus on perimeter defenses, while fewer than half of organizations budget for insider threat programs.
To read the full report, please see the following link.
This post was written by Ido Wulkan, IntSights Head of Intelligence.