Employees Working With Hackers To Steal Corporate Data

Shutterstock

When security experts discuss employees as potential sources of data breaches in the enterprise, it is often assumed that these security lapses are mistakes. But a new report is warning that, sometimes, an employee may be enticed to deliberately divulge sensitive corporate data to hackers.

Reports Wednesday (Feb. 1) said U.S. risk management company RedOwl, along with Israel-based IntSights, have found evidence that employees at various companies and institutions are actually working with hackers and criminals to ensure they have access to sensitive corporate data and even enable these criminals to infect corporate networks with malware.

In one instance, research from RedOwl and IntSights found that staff at an unnamed bank are helping hackers maintain a presence on the bank’s networks, reports said.

Those criminals are working via dark net site Kick Ass Marketplace, where subscribers pay one bitcoin a month to access the insider data leaked by employees. According to reports, the site’s administrator is known as h3x, who once described himself as a “self-taught cryptographer, economist, investor and entrepreneurial businessman.” Three hackers and two trading analysts serve as administrators for Kick Ass Marketplace, h3x said.

There are reportedly 25 subscribers on Kick Ass Marketplace, taking in about $35,800 a week in subscription payments.

According to analysts, this type of “insider recruitment” is a growing phenomenon.

“The dark web has created a marketplace for employees to easily monetize insider access,” they stated. “The dark web serves as a vehicle insiders use to cash out on their services through insider trading and payment for stolen credit cards. Sophisticated threat actors use the dark web to find and engage insiders to help place malware behind an organization’s perimeter security, [and] as a result, any insider with access to the internal network, regardless of technical capability or seniority, presents a risk.”

The trend is a troubling one, considering many employee-derived security breaches at corporations are often described as an error, by clicking malware-infected links or falling for phishing scams, for instance.