April 25, 2024
The sensitive and financial data held by banks and financial institutions, as well as their centrality to national infrastructure, makes them an attractive target for cybercriminals and hacktivists. In this blog series, we’ll be shining a light on some of the latest tactics and techniques used by insiders and in banking trojans, phishing campaigns, and payment card fraud. In future posts, we’ll also peer beyond the cybercrime world to understand if hacktivism poses a viable threat to the financial sector. Let’s start with insiders.
It’s not uncommon for insiders to offer their access and information across dark web and criminal sites. These discussions include users asking about the best places to sell insider information, others asking where it can be found, individuals claiming to sell insider access, and other users attempting to recruit insiders. It’s something that we will alert our customers to (read our insider use case for more information). The site Intel Exchange (Figure 1), for example, has a dedicated section for insider information discussions. Similarly, Figure 2 illustrates an individual selling insider access to a large mortgage company.
Figure 1: Insider information discussion board on Intel Exchange site
Figure 2: Posts made by user offering insider access to mortgage company
Keyword searches across our dark web spider coverage over only the past six months returned 8,425 mentions of insider trading keywords and phrases on our tracked sites. This data and supplementary manual searches indicate there is substantial interest in insider trading within the online criminal ecosystem.
For example, back in February 2017, a user of the AlphaBay forum (when the site was still operational) named “asad1199” made multiple posts to the forum claiming to have access to a Society for Worldwide Interbank Financial Telecommunication (SWIFT) payment gateway and sought experienced users to help them monetize it.
Figure 3: Post made to AlphaBay forum by user asad1199 offering SWIFT access
The user claimed to possess “data” that provided full administrator access to this system. The posts claimed that asad1199 would provide information as to where SWIFT transfers should be sent and offered to provide any potential partners with 10-20% of any profits in exchange for their services.
This user had previously added similar posts to the “Wanted” section of AlphaBay claiming to have access to an Automated Clearing House (ACH) system at a logistics company and an automobile dealership in the United States. In these posts the user offered a bank drop service wherein they would receive payments and then transfer them to another account specified by the customer, charging 50% commission.
Despite these examples, the most valuable insider information is not typically advertised openly online. Insider access is often a very case-based and demand-driven process that is not well suited to online marketplace or forum models.
Those with privileged access or information will most likely conduct their business in person to avoid raising the suspicions of law enforcement. Large datasets containing personally identifiable information or credit card details, on the other hand, are more easily monetizable and likely to be shared and sold across online forums and marketplaces.
Exclusivity and a level of closed or limited access are significant in the trade of insider access on cybercriminal locations. Insider information only remains valuable while access to it is limited to a small, restricted and trusted group, which is why specialist dark web sites such as The Stock Insider (Figure 4) and KickAss (Figure 5) have ostensibly developed access restrictions to maintain the appearance of legitimacy. Moreover, these restrictions also provide inside sources and buyers with a level of perceived protection, as they will feel their identities are less likely to be exposed or compromised by having too many members in these networks.
Figure 4: Stock Insiders forum homepage
Figure 5: KickAss marketplace homepage advertising insider trading
Of course, we should take these forums with a pinch of salt. The focus on insider trading on KickAss has since been scaled back and the site appears to now cater to a more general criminal community. Threads on other criminal forums and Reddit pages also regularly claim that KickAss is a scam and that users were not receiving valid insider trading tips for the membership fee. Membership of the forum requires a monthly fee of 0.25 BTC.
Sites like KickAss and The Insider are illustrative of the interest in insider trading across the dark web and criminal forums. However, you shouldn’t hyper-focus on these sources alone. Organizations should start on the inside: implement the principles of zero trust, know where their toxic data resides, and understand how an insider would monetize that data. Once you have understood this, you can:
Stay tuned for our future blogs on other threats to financial services.