Criminals in darknet seek to recruit business employees: How to Prevent

Organizations face a new inside threat

Cybercriminals have rendered the darknet into their workplace. According to security monitoring and ethical hacking experts from the International Institute of Cyber Security, in darknet you can find malicious software, cyberattack services against companies or individuals, even buying confidential information sales, such as credit card numbers or identity details.

A new trend in cybercrime is the recruitment of professionals in different areas to collaborate with networks of malicious hackers from within an organization. An investigation discovered job offers in darknet for employees of banking institutions in Russia offering average wages of 4000 euros for one hour of work per day, salary much higher than the monthly average in Russia of 500 euros, so many Bank employees are attracted by this kind of offers.

In 2016, security monitoring experts analyzed about 100 million of sites in the superficial network and dark web, finding that some gangs of cybercrime resort to traditional recruitment methods; ads are published, interviews are made (by videocall in many cases), and even hired for trial periods. 

Data theft prevention via Monitoring solutions like Business Control System (BCS)

Companies cannot control the activities of users on their PCs or personal mobile devices, although there is the option to control and monitor the corporate environment to prevent employees from working as infiltrators in an organization.

The company’s visibility into employee activities is essential for detecting access or anomalous searches. By performing adequate monitoring; it is at this point that the visibility of the company in the user’s activity becomes essential.

Regularly, employees who use credential access to privileged levels are monitored, although security monitoring specialists believe that monitoring is always useful regardless of employee level; in other words, any employee who works with company information should be monitored. The monitoring of the user’s activities can be done without intervening with the user’s privacy, implementing solutions that provide a complete visibility of the employee’s actions, but limiting a potentially invasive use. The implementation of these solutions must be accompanied by a reasonable data revision policy, which does not interfere with the privacy of employees, as considered by security monitoring specialists from the International Institute of Cyber Security. For example, IICS Business Control System (BCS) has helped multiple organizations of the entire world.

The use of infiltrated employees in organizations is a serious security threat. Companies must work to understand this problem and develop the best possible preventions; employee behavior patterns, visibility into their online activities and the ability to detect anomalous incidents will help prevent a large number of security incidents stemming from the activity of criminals on dark web. Detection is crucial for organizations to protect their most valuable assets and to prevent the loss of sensitive data before the worst possible scenarios happen