The number of proposals to leak data from Russian companies from within has quadrupled. “Offers” are placed on the darknet and Telegram. The insider’s remuneration is equal to four salaries, and a possible fine does not exceed 20,000 rubles
Offers to employees of Russian companies to open access to internal data or launch malicious code into the system. Earlier such offers were placed only on the darknet. Since the spring of this year they began to appear in specialized Telegram channels. The cost of searching for a person’s passport data by phone number in the database can vary from 2,000 to 7,000 rubles, and tracking a mobile phone can start from 80,000 rubles. The surge in insider offers came in the spring of this year, both on the dark web and in the public field. At the same time, the purpose of a hacker attack is no longer so important. In addition, the qualifications or savvy of IT insiders have become less important. Experts do not know the exact number of responses to such offers – coordination of actions is already taking place. But the surge in supply is roughly equal to the surge in spring leaks and attacks. This year, indeed, the price of the “conscience of an employee” has decreased, all the high-profile leaks of the year are somehow connected with the human factor. The standard situation for companies is to give access to the order control panel, get 100% of user data leaked through one person, and then report to the security service that phishing was the culprit of the leak. And no one will be held responsible. The payment for such “work” exceeds four salaries of an employee. The law is still quite lenient in relation to persons committing illegal actions with databases, despite the fact that in recent years the damage from such actions has grown exponentially. An employee who has taken personal data “with an error” is fined a maximum of 20 thousand rubles. The summer relative lull is ending, a new “season” may begin in the fall, and the number of leaks will increase.