
The cybercriminal community is rapidly increasing its interest in recruiting personnel from within companies. Instead of sophisticated external attacks, criminals are increasingly relying on internal sources: people willing to provide access to company systems or disclose confidential information for a fee.
This trend has already affected banks, cryptocurrency exchanges, telecommunications companies, and technology companies.
According to Check Point, offers of collaboration regularly appear on underground forums.
Some are written in a neutral tone, while others try to appeal to emotions, promising relief from routine work and high profits. Rewards for assistance range from several thousand dollars for a one-time service to six figures for a long-term partnership.
The services requested include accessing internal systems, resetting passwords, and transferring databases or other information useful for attacks.
The financial sector remains a key target. Darknet postings make targeted offers to employees of exchanges like Coinbase, Binance, Kraken, and Gemini, as well as employees of major banks and tax authorities. Criminals are willing to pay tens of thousands of dollars for transaction history or administrative access. Even complete databases are being sold: one containing information on 37 million users is worth $25,000.
Technology companies are also under attack. Cloud storage and customer data are of particular concern. Forums show requests addressed to employees of Apple, Samsung, and Xiaomi, as well as telecom operators, logistics companies, and IT consultants. SIM-swapping attacks, which require the assistance of mobile operator employees, remain a separate area.
In some cases, rather than a one-time collaboration, the offer includes permanent remote work at a fixed cost.
These agreements can last for weeks and include activities such as transferring information, removing traces, or deactivating security systems. Sometimes, so-called access brokers, who operate via Telegram and other closed platforms, are also involved. These platforms also recruit penetration testers willing to use their expertise to support ransomware attackers.
The anonymity of transactions further exacerbates the situation.
Thanks to cryptocurrencies, participants in such schemes can remain under the radar of regulators, and the transactions themselves are difficult to trace. For companies, this means not only direct losses, but also the risk of reputational damage, disruptions to business processes, and legal compliance issues.
To protect themselves from this threat, organizations must combine technological measures with human resources management. This includes raising awareness of potential risks, regularly monitoring employee activity, restricting access to critical systems, and constantly scanning darknet sites for any references to the company.
Only constant preparation and attention to detail can minimize the risks associated with insider threats.
