"Drain" confidential information is becoming easier for insiders

The DeviceLock company is studying the issuewhose importance is hard to overestimate. In the era of information wars, not only between states, but also between economic entities and even between separate groups of individuals whose competitive interests intersect, to know how confidential information is obtained by the opposing party about the enemy’s state of affairs is to be half-ready to resist such a “raider” attack ”on valuable classified information.

Researchers at DeviceLock talked about a new method used by insiders, not even penetrating information systems, to steal user data.

Now any enterprise to protect itsinformation from leaks uses DLP systems that record attempts to download data to a flash drive or to the Cloud. To get around this barrier, unscrupulous employees display the necessary information on the computer screen, and then simply take a picture of it. To send information from the same device to the customer or to the black market on a darknet (a hidden network of Internet connections) for such an information criminal is not difficult.

Unfortunately, we have to admit that even inlast year, this form of information leakage was a great rarity, but this year it has become one of the most popular and reached 10% of the total user data sold on the darknet.

DeviceLock conducted its research from January toMay this year, they studied the 800 documents proposed in the darknet and specific cases of “breaking through” the users' information data. According to researchers of DeviceLock, information on tens of millions of Russian citizens is sold on the black market.

The main victims of leaks are banks, MFIs andcellular operators, the share of theft of information from their databases is more than 70%; 20% are leaks in the services market and in cloud services, and government agencies account for 10%. And yet, according to information released by DeviceLock experts, the most popular channel of leaks (80% of the total volume) remains uploading data from corporate systems to external media.