Symantec

Insider trading in the Dark Web is expanding, with new recruits being sourced from banks and financial institutions keen to make money from privileged access and knowledge.

According to cybersecurity firm RedOwl and Intsights' newly-released report on insider trading, a number of marketplaces have sprung up which focus purely on insider trading as a way to manipulate the stock market, sell access to corporate systems and resources, and trade leaked information.

Forum discussions around insider trading nearly doubled from 2015 to 2016, with close to a thousand references being noted by researchers by the end of the year.

"The dark web has created a marketplace with ready buyers and collaborators that enables monetization of insider actions," the researchers say. "Namely, the dark web catalyzes malicious insider activity by facilitating the ability to cash out with diminished risk of detection."

Marketplace administrators take care to keep their activities as quiet as possible by hosting their websites overseas, keeping no logs, and using secure operating systems, according to RedOwl.

Membership is also a right of passage for many, with administrators keen to admit only those that have something worthwhile to offer.

One exclusive forum, called "Kick Ass Marketplace," does not let new members join unless they prove they have access to privileged information -- and then charges a membership fee of $820.

According to the forum's creator, there are members of the club which make more than $5,000 a month by trading leaked data such as stolen credit cards.

Stock market trading, Forex trading, "knowing what is happening before the rest" news exchanges and commodity sales all take place in the forum. Over the past two years, the researchers have monitored roughly five posts a week and over $32,000 in transactions, all of which are made in Bitcoin.

In another forum, "The Stock Insiders," the administrator claims to be "a former successful IT entrepreneur [..] also an active trader and has inside access to several publicly traded companies."

Would-be insider traders are also given the tools to get the job done. In some cases, administrators provide users with malware samples so insiders in the financial industry can quickly gather the information they want without any need for specialized knowledge.

In addition, the researchers say that the Dark Web forums are giving insiders the chance to collaborate with skilled cyberattackers to conduct attacks.

In one case, for example, a cyberattacker offered to pay an insider a weekly wage to infect systems with malware and maintain access to a bank's internal systems on their behalf.

This trend is bad news for businesses that may have strong perimeter defense but have no plans in place for when malware is loaded internally.

RedOwl says that risk management teams need to actively build insider threat programs and not just focus on external threats to their systems and data. The company says that while 80 percent of security initiatives focus on perimeter defense, fewer than half of organizations spend anything at all on insider threat protection.

It is up to businesses to tighten up their access controls, educate and train staff and maintain vigilant against insider threats. But the human element is always unpredictable and so the risk associated with insider trading can only ever be mitigated, not eradicated.

How stealing your data just got easier: