Insider Risk

Dark Web Recruitment of Employees Puts Organizations at Risk

By Veriato Team

The idea of your employees being solicited on the Dark Web isn’t a hypothetical; it’s real, it’s tempting, and it’s lucrative.

We’ve written previously about the dangers of the Dark Web and why you need to be paying attention as an employer. One of the realities of the dark web is the issue recruitment. Cybercriminal organizations need help, and posting the job on legitimate job sites hoping the potential candidates won’t turn them in doesn’t sound like a good plan. Instead, the Dark Web provides the right context – as, basically, nothing on the Dark Web is  legal – to solicit for new hires.

The scenario below demonstrates how hacker groups leverage the Dark Web to enlist the aid of talented individuals to carry out their unlawful activities.

This month, the hacking group known as Dark Overlord released the decryption keys for the first batch of what they refer to as the “9/11 files” – a set of “impactful” documents they say were stolen from New York real estate firm Silverstein Properties, and UK insurers Hiscox Syndicates and Lloyd’s of London. The campaign implies that more and more damning document will be released as Dark Overlord is paid more money.

But, back in November, they essentially posted a job listing on the Dark Web forum KickAss. Searching for individuals with experience with Windows, Linux, network management, and penetration testing, Dark Overlord offered payment of approximately $63,500 monthly with promise of a raise after two years. Here’s a snippet of the “job posting”:

So, what’s this got to do with your organization?  Plenty.

Think about what’s transpired – a cybercriminal organization is soliciting anyone they believe will help them attain their intended goal.  Today’s it’s about grabbing 9/11 files; but what if tomorrow it’s gaining access to a specific organization’s network? It’s not far-fetched, as cybercriminals are shifting to highly targeted attacks.

With compensation being so completely out of whack from what a regular employee makes, those users that are intent on committing fraud, data theft, or collusion may turn to the easiest means by which to make that money.

Additionally, it’s entirely realistic to envision even one of those solicited by Dark Overlord to use their work computers to carry out their tasks. Having massive data breaches traced back to your organization’s network will only tie up IT, HR, Executive, and Legal resources trying to determine exactly what has transpired and who is responsible.

Organizations need to be monitoring for employee engagement with the Dark Web – usually using Employee Monitoring Software – to detect both attempted and successful access. Other than, say, someone doing research on the Dark Web, there is zero reason why an employee should be going there.

Of course, employees can visit on their home machines, resulting in a need to further use Insider Threat Detection software to proactively identify shifts in behavior and communications that may indicate the employee has become a potential threat.

The Dark Web isn’t going anywhere, and savvy users are becoming more aware of what it offers. The time to be watchful over Dark Web access is now – before your organization is put at risk.

How to Rebrand
“Bossware”at Your
Company

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida. Risus

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Employee Monitoring Resources

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...

When To be Suspicious About Work-From-Home Employees (or Not)

When To be Suspicious About Work-From-Home Employees (or Not)

Perhaps someone doesn’t answer a Slack message as quickly as they should, or they have long hours blocked on their calendar. Maybe someone doesn’t seem motivated during team meetings or they are slow to complete work. While research has shown that overall,...

Avoid These Employee Monitoring Blunders

Avoid These Employee Monitoring Blunders

In September 2021, 45% of full-time employees were still working remotely, and the trend is hard to reverse. People like the freedom of working from home. Without a commute, they save time. Without a boss looming in the background, they can multi-task at home. And,...