We frequently affirm the fact that the primary security threat is ourselves, including if we move into the business world. Insider threats are more prevalent than ever. This is because they became services that are offered through the Dark Web. Just as anyone who could, offered their web development or computer repair services, a person or a group of people can offer you access to a corporate network and their data, logically in exchange for a significant sum of money.
The Dark Web is known for having multiple options for accessing data sets caused by data leaks, hacking tools and malware . All this can be in the form of purchase, rent and it is even possible to launch “your offer” for sale or rent, without precisely going through the scrutiny of the general public, the businesses that have originated by this way easily exceed the Thousands of dollars.
Today, “Insider” -type security threats are expanding very rapidly. But what is an Insider ? Today in this article we are going to explain it to you with a practical example.
Imagine that a person who works in the IT department in an organization is responsible for the area and, practically, has all the “master” accesses to the network infrastructure and databases that are managed. He is considered a highly trained person and many improvements that have been implemented have been thanks to this person during his work in the organization.
However, and for no apparent reason, he is fired. On the last business day of the month, they inform you that they no longer belong to it and apply the figure of unfair dismissal. Consequently, they request that you leave as soon as possible. Without much control by human resources and IT, this manager manages to maintain his access to the network and databases in general from his personal computer, even if he no longer works for the company.
With all this, it has managed to execute several cyberattacks on the organization. Virtually all of these have been successful and have generated a lot of income in a short time. This is an example of an Insider threat, anyone who is part of an organization (or who is no longer part) and who has important knowledge about the internal network and who, with these, can carry out attacks of all kinds.
Insider threat cases
Insider-trading-as-a-service
This type of service is quite similar to rental DDoS services. It has been offered for a few years now. What does it consist of? Well, every person or organization that is interested, must pay a set money, this money is defined by the person or organization that offers the Insider-trading-as-a-service service .
Prices vary quite a bit, it can cost hundreds of euros or there may even be cases where this insider trading service is offered through an annual subscription that costs a Bitcoin. Recall that despite the fact that cryptocurrencies are characterized by being highly volatile in relation to their price, bitcoin is still the most valuable. Lately, the price of a Bitcoin is around 9000 USD.
Once you have paid, you get used to receiving instructions that tell you how to maliciously trade information without getting caught. It is even possible to find sites on the Dark Web that specialize in recruiting insiders , who are motivated to share their knowledge. How? Through rewards consisting of money, or privileged access to specialized corporate information trading sites.
Sale of customer databases
Insider threats have the ability to offer the customer databases of an organization for which you work or worked. Its main difference is that the database is available in real time. This means that the interested person or organization can obtain privileged and highly updated information. Of course, this service has a very high price, which can reach hundreds of thousands of dollars.
Sale of algorithms
There are organizations that, in addition to databases, documentation and data on the network infrastructure in general, have very valuable data such as algorithms. These algorithms can be used to determine the ads to be displayed to users based on preferences, for example. This type of algorithms can cost a lot of money on the Dark Web, so much so that it can be worth more than a million dollars in certain cases.
There is no doubt that a large industry exists around cyber criminal activities such as those carried out by Insider threats. This industry does not stop growing day by day and the sums of money that are managed are impressive. It is clear that a good practice to carry out in network management is strict control over those users who have privileged or administrator permissions.