Kaspersky Lab has revealed that cybercriminals are using insiders in the telecommunications industry in order to target victims.
This means that the criminals are recruiting people to help them gather access to networks and subscriber data.
Kaspersky said that while some of the recruits are disaffected employees, others are being blackmailed by criminals.
“To achieve their goals, cybercriminals often use insiders as part of their malicious ‘toolset’, to help them breach the perimeter of a telecommunications company and perpetrate their crimes,” Kaspersky said.
The finding was part of the company’s intelligence report which assesses security risks.
But how do the criminals find their insiders? Willing participants are recruited via underground message boards or black market recruiters.
“These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail,” Kaspersky said.
For unwilling participants, the hackers find compromising information on employees and blackmail them. This was especially prevalent after the Ashley Madison hack, which saw data on millions of members leaked.
“They then blackmail targeted individuals – forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear-phishing attacks on their behalf,” Kaspersky said.
Unfortunately, consumers can’t do much to prevent this, but Kaspersky advises companies to take action. This includes doing a regular security audit of their IT infrastructure and restricting access to sensitive information.