Hackers are increasingly targeting employees, in efforts to launch cyberattacks against businesses. Security researchers have found that the telecommunications industry is particularly vulnerable to such threats and is a "top target" for cyberattacks. Hackers are now luring insiders via underground channels, either paying or blackmailing them, as part of their malicious "toolset" to help breach telecom providers' security and conduct attacks.
According to Kaspersky Lab, telecom providers are attractive targets for cybercriminals and state-sponsored hackers as they collectively oversee global networks, voice and data transmission and store colossal amounts of sensitive data. Researchers also noted that "28% of all cyberattacks, and 38% of targeted attacks now involve malicious activity by insiders".
"The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organisation in world where attackers don't hesitate to exploit insider vulnerability. Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it the better you can prepare," said Kaspersky Lab security researcher Denis Gorchakov.
Security researchers noted that cybercriminals trapped insiders in one of two ways. Hackers either go about using already available compromised data from previous hacks to target employees and blackmail them, forcing them to divulge sensitive data and credentials, or they recruit willing staff via underground message boards or the services of "black recruiters" and pay them to pinpoint their colleagues who could be potentially blackmailed into handing over sensitive information.
There are, however, other ways that insider threats can end up making businesses vulnerable to cyberattacks. According to Kaspersky Lab, "researchers noted two non-typical examples, one of which involved a rogue telecoms employee leaking 70 million prison inmate calls, many of which breached client-attorney privilege. In another example, an SMS centre support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing OTP (One-Time Passwords) for the two-step authentication required to login to customer accounts at a popular fintech company".
Kaspersky warns that cybercriminals are increasingly adopting the blackmail approach when targeting businesses, especially after the high-profile Ashley Madison leak. In fact, in June, the FBI released a public service announcement cautioning users of such blackmail scams and the potential dangers they pose.