Please fill in the form below to subscribe to our blog

Are Your Users Moonlighting on the Dark Web?

May 18, 2023

Malicious insiders could be lurking where you least expect them

The dark web has become a multibillion-dollar industry. Just like in any other industry, cybercriminals are always innovating, resulting in constant evolution and technology-driven changes in dark web criminal markets. One of the key contributors to this growth is the Cybercrime-as-a-Service (CaaS) sector, which makes it easy for bad actors to launch sophisticated attacks. Many dark web forums offer various CaaS services, and those services are directly responsible for fueling the dark web economy’s growth. Sometimes cybercrime services are offered by hackers who exclusively operate in the shadows, but that’s not always the case. Unfortunately, many businesses are discovering that the cybercriminals they’re defending against are sometimes a little closer to home. 

EDR represented by a rendering of connected devices

Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>

What is Cybercrime-as-a-Service

Cybercrime-as-a-Service is an organized crime model fashioned in the same vein as Software-as-a-Service. Cybercrime practitioners sell their tools, expertise and services to other individuals or cybercriminal gangs through various online platforms and marketplaces on the internet and the dark web. More and more individuals are choosing to take up CaaS as the potential for profit grows. Some of the participants are career cybercriminals, but others are malicious employees of legitimate companies looking to make easy money. In 2022, CaaS caused $6 trillion in losses to organizations across industries.

These days, anyone can launch a cyberattack with no tech skills required and a very low startup cost. Common CaaS services that are readily available in dark web forums include malware creation, exploit kits, malicious bots, phishing kits and other plug-and-play cyberattack tools. Today, even an amateur cybercriminal can launch a sophisticated attack on a target or hire someone to do it for them affordably. Due to the wide array of quality ready-made tools and skilled cybercrime labor available on the dark web, organizations are more vulnerable to cyberattacks, both from external sources and due to malicious insider activity, than ever before. 

Get the scoop on 5 of the worst email-based attacks plus tips to protect businesses from them. GET INFOGRAPHIC>>

Cybercrime-as-a-Service operators act as employers

Big CaaS operations essentially operate like legitimate corporations. Most offer their “employees” an array of lucrative benefits, like guaranteed salaries, hiring bonuses, profit sharing, flextime, paid time off and sick leave, to attract the best talent. Some cybercrime groups even require drug tests. Many organizations also offer their “employees” performance bonuses, promising them a share of the profits for cybercrime operations like a successful ransomware attack or data theft.

People can make a substantial living from ransomware and malware without ever launching an attack themselves. Developers are in the highest demand in the CaaS industry, accounting for more than 60% of the hiring posts on dark web forums. Those posts listed developer jobs with advertised monthly salaries of up to $20,000. However, the median monthly salary for a developer was around $2000. People with some cybercrime skills and experience are always in demand too. Cyberattack specialists (penetration testers) can make up to $15,000 monthly

Learn how managed SOC gives you big security expertise on call 24/7without the big price tag. LEARN MORE>>

You don’t need major tech skills to make major money

There are also many other IT jobs available on CaaS forums that require varying degrees of technical expertise or sometimes not much at all. Cybercrime gangs are hiring people for myriad roles that do not require deep technical skills, like web and email designers, data analysts and IT administrators. Some CaaS providers even have tech support representatives to alleviate buyers’ technical challenges. The median pay for a lower-tier hire ranged between $1,300 and $4,000 per month, with designers receiving the lower amounts and engineers at the higher end of the spectrum.

The list of cybercrime job opportunities is a dark mirror of the legitimate tech world. Hiring is handled in much the same way as it would be in a legitimate business with an interview process, probation period, test projects and more. However, a person doesn’t have to sign on with a cybercrime gang to make money in the CaaS economy. There are also plenty of freelancers who work on a by-the-job basis doing everything from creating phishing messages to launching ransomware attacks, making it easy for anyone with cash to spend to hire the help needed to launch an attack without building a criminal organization.

How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>

Is cybercrime a second job for one of your users?

As the world sees waves of tech layoffs in today’s challenging economy, there is good reason to believe that some of those laid-off tech professionals may turn to cybercrime to pay the bills. Some IT professionals that are still employed by legitimate companies may also be tempted by the money and do a little dark web freelancing on the side. Alternatively, a disgruntled employee may turn to the dark web to harm their employer. In the U.S., an estimated three-quarters of businesses have experienced fraud, sabotage or data theft at the hands of a malicious insider.  

That can spell disaster for their employers, especially if malicious insiders have or have access to highly privileged user accounts at their legitimate employer’s business (or a former employer’s network). Those employees could choose to sell their company’s data or sell access to their company’s network to make a quick buck. According to Verizon’s 2023 Data Breach Investigations Report malicious insiders caused 406 data security incidents via privilege misuse in the preceding 12 months, and 288 of them resulted in data disclosure.

It’s essential that businesses take precautions to stop malicious insiders before they get started or face the consequences. 

Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>

Protect businesses from malicious insider threats with Dark Web ID

Dark Web ID is an award-winning dark web monitoring platform that uses human and machine intelligence to uncover your compromised credentials, such as passwords, data, and other sensitive things that could put a business at risk of a cyberattack or data breach. The intuitive and automated monitoring platform helps companies ensure that there aren’t any surprises waiting for them because of dark web data exposure. Dark Web ID offers best-in-class dark web intelligence about compromises of business and personal credentials, including domains, IP addresses and email addresses, delving into every corner of the dark web, including: 

  • Hidden chat rooms 
  • Unindexed sites 
  • Private websites 
  • P2P (peer-to-peer) networks 
  • IRC (internet relay chat) channels 
  • Social media platforms 
  • Black market sites 
  • 640,000+ botnets 

Dark Web ID features: 

  • 24/7/365 monitoring using real-time, machine- and analyst-validated data.      
  • Live dark web searches that find compromised credentials in seconds.    
  • Clear and visually engaging risk reports.    
  • Enjoy seamless integration with popular PSA platforms, including Kaseya BMS, Autotask and ConnectWise.  
  • Easy integration with your security operations center (SOC) and other alerting and remediation platforms with available APIs. 

 Schedule a demo of Dark Web ID>>  

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!