![\"\"](\"http:\/\/54.201.249.27\/\/wp-content\/uploads\/2017\/02\/darkweb-agreement-644x1024.jpg\")
<\/p>\n<\/p>\n
Dark web marketplaces have witnessed an increase of employees offering insider traders, fraudsters and hackers information, help or outright access to their company\u2019s networks \u2013 for a fee, of course.<\/p>\n
<\/p>\n
<\/p>\n
Corporate insiders collaborating with threat actors on a dark web forum<\/em><\/p>\n According to an analysis of a year-worth of posts on several specialized cybercrime forums, researchers from IntSights and RedOwl found that discussions and insider outreach nearly doubled from 2015 to 2016.<\/p>\n \u201cThe dark web has created a market for employees to easily monetize insider access. Currently, the dark web serves as a vehicle insiders use to \u2018cash out\u2019 on their services through insider trading and payment for stolen credit cards,\u201d they pointed out.<\/p>\n The researchers managed to gain access to several insider trading forums.<\/p>\n One of them \u2013 Insider Trading KickAss marketplace \u2013 is a subforum that has been active for nearly a year. The administrators are very particular about who they invite to join, and charge a membership fee of 1 BTC.<\/p>\n \u201cThese groups require those who apply for membership to prove their capabilities and\/or access to knowledge by sharing real inside information, which is then thoroughly checked and confirmed,\u201d the researchers explained.<\/p>\n \u201cThe forum appears relatively active with approximately five posts per week and a total of 40 BTC in transactions (approximately $35,800). According to the group\u2019s manager, there are members who make more than $5,000 USD a month using the leaked information.\u201d<\/p>\n On another forum payment card fraudsters have been spotted looking for retail chain store cashiers that could help them buy iPhones with stolen credit cards. The cashiers are, of course, remunerated for not flagging the transaction as potentially fraudulent. Other store employees are asked to help fraudsters steal customers\u2019 payment card information.<\/p>\n In another instance, hackers were looking for a bank employee that would help them plant malware directly onto the bank\u2019s network, allowing them to have continuous access to computers that handle transfers.<\/p>\n It\u2019s simple: the criminals have the knowledge and the tools, and the insiders have access and information. Using dark web forums for making deals and organizing the attack\/compromise minimizes the possibility of insiders being detected and identified.<\/p>\n To minimize the insider threat, enterprises should create, train and enforce consistent corporate security policies while protecting employee privacy,\u201d the researchers advise. The rules and penalties for engaging in insider behavior should be clear.<\/p>\n Technology that monitors employee activity without infringing their privacy should be implemented, and security teams should be on the lookout for suspicious employee activity.<\/p>\nSupply and demand<\/h3>\n
Minimizing the threat of corporate insiders<\/h3>\n