Intentional or unintentional disclosure of information has not always been dependent on cybercrime; however, threat actors leverage the human variable within a company to access organizational data and systems in order to conduct fraudulent activity. The consistent behavior of insider threats has created a foundation for industries to implement employee training and security guidelines to prevent leakage of data or unauthorized access to internal and often proprietary systems. However, these policies have not deterred employees from offering their services as insiders within a company, nor have they impeded the advances of cybercriminals approaching employees to use their specific access for monetary gain.
There is a steady pattern of insider-threat-related activity observed in the cybercriminal underground that offers a range of services. Threat actors often disclose general details about their contacts or level of access and request that other cybercriminals participate in whatever scheme they have running. Advertisements typically involve access to entry-level employees such as gas station cashiers and retail and local bank employees, but they may also include access to managers or employees with heightened administrative privileges. Overall, activity in the underground shows that direct access to account information and company systems can be leveraged to monetize commonly employed intrusion and fraud techniques.
Organizations should use traditional security controls to address insider threats but enhance these policies by maintaining awareness of the type of information and access that insiders provide to cybercriminals. Intel 471 monitors closed sources where these advertisements are shared and where the information or access can be used for further fraudulent activity. Knowing a threat actor’s intended use for the insider and where in an organization an insider is positioned can reveal opportunities for more proactive measures to be put in place at a company or corporate level. Intel 471’s Titan platform highlights relevant closed-source information, allowing our clients and users of our partner integrations to set up alerts on insider threat activity related to their unique business priorities.