- Unlike the data from a typical data breach dump, which can become outdated over time, a malicious insider can offer live access to a customer database.
- In addition to selling credentials, insider threats can also put a company’s secret code or documents at risk by exposing them on the dark web.
In today’s threat landscape, dark web marketplaces are not just used by cybercriminals to dump credentials and offer hacking tools and malware for rent. The underground market has expanded to include services from insiders looking for ways to monetize their knowledge of, and access to, enterprise networks and systems.
What’s in store for insider threats?
Today, even people with limited technical skills can use the dark web to carry out malicious insider activity. This leads to the variety of threats listed below.
This form of service has been relatively common over the last few years. Subscribers of such services typically get access to a steady stream of insider information for a fee that can go up to $500, or for an annual subscription costing one bitcoin. Upon subscribing, one can receive instructions on how to execute malicious trades without getting caught by regulators. Some of these sites actively recruit insiders to share material information related to a targeted company. In some cases, the insiders are paid tips or offered free access to trading sites in exchange for sharing information.
Offering customer databases for sale
Unlike the data from a typical data breach dump, which can become outdated over time, a malicious insider can offer live access to a customer database. In one reported incident, an insider was found offering live access to a database belonging to an online travel site. The access was being sold for 1,500 euros.
Selling a company’s crucial algorithms
In addition to selling credentials, insider threats can also put a company’s secret code or documents at risk by exposing them on the dark web. In an interesting incident, one insider at a hedge fund was found selling access to the company’s ‘crown jewel’ trading algorithm for $300,000. Other malicious actors can steal such code and reap benefits from making timely financial trades.
With several exit scams and dark market takedowns, threat actors have moved to alternate communication and trading channels such as Discord, Telegram, and OpenBazaar, to evade law enforcement. All of this activity can make it more difficult than ever for enterprises to uncover breaches and other indicators of compromise in the criminal economy, including those perpetrated by malicious insiders.